Intrusion Detection System Based on Cost Based Support Vector Machine

In this paper, a novel intrusion detection system (IDS) is developed using a cost based support vector machine (SVM). When developing an IDS, the imbalanced characteristics make it very difficult to differentiate attack events from non-attack (normal) events in any network environment. The cost based SVM makes it possible to put more weight on one pattern than on the others, so that attack and non-attack cases can be differentiated with high accuracy. The same approach can be applied to multiclass attack problems by applying a cost factor to each ratio of the different types of attacks. In this study, the cost based SVM was applied to classify the DARPA99 intrusion detection dataset. The experimental results show that the cost based SVM can outperform the standard SVM when differentiating a case as either attack or non-attack (normal). Furthermore, we applied the cost based SVM with an RBF kernel to a multiclass attack problem. The experiment achieved about 99% detection accuracy when detecting the type of each case as one of Normal, DOS, Probe and R2L from the DARPA99 dataset.
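The class weighting described in the abstract, shown as an added example that is not code from the paper: a linear SVM whose error penalty C depends on the class, trained by dual coordinate descent. The linear kernel, the solver, the 10x attack cost and the one-feature sample data are assumptions made for illustration; the paper itself reports results with an RBF kernel on DARPA99.

```python
# Added example: class-weighted ("cost based") linear SVM, dual coordinate
# descent. Data and cost values are constructed; this is not the paper's code.

def train_cost_svm(X, y, cost, epochs=200):
    """L1-loss linear SVM; cost maps a label (+1/-1) to its penalty C_y."""
    rows = [x + [1.0] for x in X]        # constant feature = (regularised) bias
    w = [0.0] * len(rows[0])
    alpha = [0.0] * len(rows)            # one dual variable per training record
    for _ in range(epochs):
        for i, (xi, yi) in enumerate(zip(rows, y)):
            grad = yi * sum(wj * xj for wj, xj in zip(w, xi)) - 1.0
            qii = sum(xj * xj for xj in xi)
            # The class cost enters only here, as the upper bound of the box.
            new = min(max(alpha[i] - grad / qii, 0.0), cost[yi])
            step = (new - alpha[i]) * yi
            alpha[i] = new
            w = [wj + step * xj for wj, xj in zip(w, xi)]
    return w

def predict(w, x):
    return 1 if sum(wj * xj for wj, xj in zip(w, x + [1.0])) > 0 else -1

def rates(w, X, y):
    """Return (attack detection rate, false-alarm rate on normal records)."""
    pred = [predict(w, x) for x in X]
    tp = sum(p == 1 and t == 1 for p, t in zip(pred, y))
    fp = sum(p == 1 and t == -1 for p, t in zip(pred, y))
    return tp / y.count(1), fp / y.count(-1)

# Constructed, imbalanced sample with one hypothetical score per record:
# 100 normal records (-1) against 10 attacks (+1); the score 1.0 is ambiguous.
X = [[0.0]] * 90 + [[1.0]] * 10 + [[1.0]] * 5 + [[2.0]] * 5
y = [-1] * 100 + [1] * 10

def compare():
    standard = train_cost_svm(X, y, {1: 1.0, -1: 1.0})
    weighted = train_cost_svm(X, y, {1: 10.0, -1: 1.0})  # attack errors cost 10x
    return rates(standard, X, y), rates(weighted, X, y)

if __name__ == "__main__":
    (r0, f0), (r1, f1) = compare()
    print(f"standard SVM: detection={r0:.2f} false alarms={f0:.2f}")
    print(f"cost based  : detection={r1:.2f} false alarms={f1:.2f}")
```

On this sample the equal-cost model sides with the majority class at the ambiguous score and misses half of the attacks, while the weighted model detects all of them at the price of false alarms on the normal records that share that score.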