A new intrusion detection method based on SVM with minimum within-class scatter

Intrusion detection has become an indispensable technique for ensuring the security and reliability of information systems. Support vector machine (SVM) and its many improved algorithms have been successfully applied to intrusion detection systems in recent years. However, the training process of SVM ignores an important piece of prior knowledge: the within-class structure of the training set. In this paper, we propose an improved classification algorithm that combines the minimum within-class scatter of Fisher discriminant analysis with traditional SVM. The central idea is to find an optimal separating hyperplane such that the margin is maximized while the within-class scatter is kept as small as possible. This new algorithm is called SVM with minimum within-class scatter (WCS-SVM). A set of experiments is conducted on ten benchmarking datasets and the KDDCUP'99 experimental data of MIT Lincoln Laboratory to test the generalization performance of the WCS-SVM algorithm. Experimental results show that the WCS-SVM algorithm has better discriminatory power than traditional SVM and kernel Fisher discriminant analysis, and that it has a higher true detection rate and a lower false positive rate for intrusion detection systems. Copyright © 2012 John Wiley & Sons, Ltd.
