Improving Anomalous Rare Attack Detection Rate for Intrusion Detection System Using Support Vector Machine and Genetic Programming

A commonly addressed problem in intrusion detection system (IDS) research that employs the NSL-KDD dataset is improving the detection rate for rare attacks. However, some rare attacks are hard for an IDS model to recognize because their patterns are entirely missing from the training set, which reduces the rare-attack detection rate. Rare attacks that are missing in this way can be defined as anomalous rare attacks, a problem that has hardly been solved in the IDS literature. Hence, in this letter, we propose a new classifier, based on support vector machine (SVM) and genetic programming (GP), to improve the detection rate for anomalous attacks. Based on the experimental results, our classifier, GPSVM, achieved a higher detection rate on the anomalous rare attacks without a significant reduction in overall accuracy. This is because the GPSVM optimization task is to ensure that accuracy is balanced between classes without reducing the generalization property of the SVM.
