Can Support Vectors Detect Exploits?

Abstract

An exploit is software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in operating system or other software products to cause unintended or unanticipated behaviour of computer software, hardware, or other electronic devices. Such behaviour includes actions like unauthorized gaining control of a computer system, unauthorized privilege escalation, or a denial-of-service attack. Although anti-malware products and signature-based intrusion detection systems provide reasonable level of security, they will not detect and prevent execution of new exploits or exploits that tend to evolve, as there is no signature in the anti-malware or intrusion detection database. To raise the overall level of security we have introduced one kernel-based machine learning method, named support vector machines, into an intrusion detection system that is capable of detecting exploits without employing signature database. Experimental evaluation of our solution is conducted on the custom dataset generated in isolated environment.