Online Anomaly Detection Based on Support Vector Clustering

A two-phase online anomaly detection method based on support vector clustering (SVC) in the presence of non-stationary data is developed in this paper which permits arbitrary-shaped data clusters to be precisely treated. In the first step, offline learning is performed to achieve an appropriate detection model. Then the current model dynamically evolves to match the rapidly changing real-world data. To reduce the dimension of the quadratic programming (QP) problem emerging in the SVC, self-organizing map (SOM) and a replacement mechanism are used to summarize the incoming data. Thus, the proposed method can be efficiently and effectively useable in real time applications. The performance of the proposed method is evaluated by a simulated dataset, three subsets extracted from the KDD Cup 99 dataset, and the keystroke dynamics dataset. Results illustrate capabilities of the proposed method in detection of new attacks as well as normal pattern changes over the time.