Severity-Regularized Deep Support Vector Data Description with Application to Intrusion Detection in Cybersecurity

Anomalies in real systems differ widely in impact, as such, missing a high-severity event can be far costlier and consequential than flagging a benign outlier. This paper introduces Severity-Regularized Deep Support Vector Data Description, an extention of deep support vector data description that incorporates severity for various anomaly types, reflecting the application-specific importance assigned to each type. The formulation retains the well-known deep support vector data description decision geometry and scoring system while allowing for specific control over the balance between false alarm rate and the prioritization of detecting anomalies with greater impact. In the proposed loss function, we introduce regularizing parameters that control the importance assign to each anomaly type. Experiments are carried out on a demanding simulated dataset and a real-world intrusion detection case study utilizing the Australian Defence Force Academy Linux Dataset. The results demonstrate the effectiveness of the proposed approach in detecting highly severe anomalies while maintaining competitive overall performance.