Prior Knowledge SVM-based Intrusion Detection Framework

In anomaly intrusion detection, a normal profile of the target system is built from labeled data sets, but labeling data items is time-consuming and expensive. Human knowledge can be used to compensate for the lack of labeled data. In this paper, we describe a weighted margin SVM (support vector machine) framework that incorporates pre-defined, experience-based detection rules to build the normal profile. With a redefinition of the distance between data items over heterogeneous properties, we use a modified version of LIBSVM to perform model training and detection. We use the KDDCup99 intrusion detection data set for evaluation and define several metrics to explain the effect of the detection algorithm; these show that our detection framework is more accurate and has better generalization ability than previous ones.
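To make the weighted margin idea concrete, here is an added toy example (not the paper's code, and not LIBSVM): a linear SVM trained in the primal by subgradient descent, where records without an analyst label receive a label from an assumed hand-written detection rule, and that rule's assumed confidence (0.6) becomes the margin the record must reach instead of the usual 1. The records, the rule, the feature subset and the confidence value are all constructed for illustration.

```python
FEATURES = ("duration", "src_bytes", "count")
RULE_CONFIDENCE = 0.6  # assumed trust in a rule-derived label; analyst labels get 1.0
# Constructed KDDCup99-style connection records (not real data set rows).
# label +1 = normal, -1 = attack, None = no analyst label available.
RECORDS = [
    {"duration": 0, "src_bytes": 181, "count": 1,   "label": +1},
    {"duration": 2, "src_bytes": 239, "count": 3,   "label": +1},
    {"duration": 0, "src_bytes": 0,   "count": 510, "label": -1},
    {"duration": 0, "src_bytes": 0,   "count": 489, "label": -1},
    {"duration": 1, "src_bytes": 300, "count": 2,   "label": None},
    {"duration": 0, "src_bytes": 0,   "count": 250, "label": None},
    {"duration": 0, "src_bytes": 0,   "count": 470, "label": None},
]

def rule_label(rec):
    """Assumed expert rule: many connections carrying no payload bytes looks like a probe."""
    return -1 if rec["count"] >= 100 and rec["src_bytes"] == 0 else +1

def feature_ranges(records):
    return {f: (min(r[f] for r in records), max(r[f] for r in records)) for f in FEATURES}

def scale(rec, ranges):
    """Min-max scale each numeric feature so no single one dominates the margin."""
    return [(rec[f] - lo) / (hi - lo) if hi > lo else 0.0 for f, (lo, hi) in ranges.items()]

def build_training_set(records, ranges):
    """Each record yields (x, y, v): v is the margin the SVM must reach for that record."""
    xs, ys, vs = [], [], []
    for rec in records:
        labeled = rec["label"] is not None
        xs.append(scale(rec, ranges))
        ys.append(rec["label"] if labeled else rule_label(rec))
        vs.append(1.0 if labeled else RULE_CONFIDENCE)
    return xs, ys, vs

def train(xs, ys, vs, lam=0.01, lr=0.1, epochs=500):
    """Minimise lam/2*||w||^2 + sum max(0, v_i - y_i*(w.x_i + b)) by batch subgradient descent."""
    w, b = [0.0] * len(FEATURES), 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0
        for x, y, v in zip(xs, ys, vs):
            if y * (sum(wi * xi for wi, xi in zip(w, x)) + b) < v:  # record inside its margin
                gw = [g - y * xi for g, xi in zip(gw, x)]
                gb -= y
        w = [wi - lr * g for wi, g in zip(w, gw)]
        b -= lr * gb
    return w, b

def predict(model, rec, ranges):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, scale(rec, ranges))) + b >= 0 else -1
```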
