Intrusion detection model using fusion of PCA and optimized SVM

Intrusion detection systems (IDS) play a major role in detecting attacks on computers and networks. Anomaly intrusion detection models detect new attacks by observing deviations from a profile. However, traditional IDS have many problems, such as a high false alarm rate, low detection capability against new network attacks and insufficient analysis capacity. The use of machine learning for intrusion models automatically improves performance with experience. This paper proposes a novel method that integrates principal component analysis (PCA) and a support vector machine (SVM), optimizing the kernel parameters with an automatic parameter selection technique. This technique reduces the training and testing time to identify intrusions, thereby improving the accuracy. The proposed method was tested on the KDD data set. The data were carefully divided into training and testing sets so that minority attacks such as U2R and R2L are present in the testing set, in order to identify the occurrence of unknown attacks. The results indicate that the proposed method is successful in identifying intrusions. The experimental results show that the classification accuracy of the proposed method outperforms other classification techniques that use SVM as the classifier together with other dimensionality reduction or feature selection techniques. Minimum resources are consumed because the classifier input requires a reduced feature set, which minimizes the training and testing overhead time.
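The PCA-then-SVM pipeline with kernel-parameter search described in the abstract, as an added example that is not the paper's code. It assumes scikit-learn, uses constructed 41-feature data in place of KDD, and uses cross-validated grid search over `C` and `gamma` as a stand-in for the paper's automatic parameter selection technique, which the abstract does not specify; the 95% variance threshold and class names are likewise assumptions.

```python
# Added example: PCA + RBF-SVM with cross-validated kernel-parameter search.
# Data is constructed (synthetic), not KDD; grid search is an assumed stand-in.
import numpy as np
from sklearn.decomposition import PCA
from sklearn.metrics import accuracy_score, recall_score
from sklearn.model_selection import GridSearchCV, train_test_split
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC

N_FEATURES = 41  # same width as a KDD connection record

def make_constructed_traffic(seed=0):
    """Three classes driven by 5 latent factors: normal, dos, and a rare u2r."""
    rng = np.random.default_rng(seed)
    centers = {0: [0, 0, 0, 0, 0], 1: [4, 4, 0, 0, 0], 2: [-4, 0, 4, 0, 0]}
    sizes = {0: 600, 1: 300, 2: 30}  # class 2 is the minority attack
    mixing = rng.normal(size=(5, N_FEATURES))
    X, y = [], []
    for label, n in sizes.items():
        latent = rng.normal(loc=centers[label], size=(n, 5))
        X.append(latent @ mixing + 0.3 * rng.normal(size=(n, N_FEATURES)))
        y.append(np.full(n, label))
    return np.vstack(X), np.concatenate(y)

def run_experiment(seed=0):
    X, y = make_constructed_traffic(seed)
    # Stratify so the minority class is guaranteed to appear in the test split.
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    # Scaler and PCA sit inside the pipeline, so each CV fold fits them on its
    # own training part only and no test information leaks into the projection.
    pipe = Pipeline([
        ("scale", StandardScaler()),
        ("pca", PCA(n_components=0.95)),  # keep 95% of the variance
        ("svm", SVC(kernel="rbf", class_weight="balanced")),
    ])
    grid = {"svm__C": [0.1, 1, 10, 100], "svm__gamma": [1e-3, 1e-2, 1e-1, 1]}
    search = GridSearchCV(pipe, grid, cv=3).fit(X_tr, y_tr)
    pred = search.predict(X_te)
    return {
        "components": int(search.best_estimator_.named_steps["pca"].n_components_),
        "best_params": search.best_params_,
        "accuracy": accuracy_score(y_te, pred),
        "minority_recall": recall_score(y_te, pred, labels=[2], average="macro"),
        "minority_in_test": int((y_te == 2).sum()),
    }

if __name__ == "__main__":
    print(run_experiment())
```

Reporting recall on the minority class alongside overall accuracy matters here, because a classifier can score high accuracy on imbalanced traffic while missing every rare attack.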
