Incremental SVM based on reserved set for network intrusion detection

We develop an improved incremental SVM algorithm, named RS-ISVM, for network intrusion detection. To reduce the noise generated by feature differences, we propose a modified kernel function, U-RBF, which embeds the mean and mean square difference values of the feature attributes in the RBF kernel function. Then, to address the oscillation problem that usually occurs in the follow-up learning process of traditional incremental SVMs, we present a reserved set strategy that keeps those samples that are more likely to be support vectors in the following computation process. Moreover, to shorten the training time, we suggest a concentric circle method for selecting the samples that form the reserved set. Academic research and data experiments show that RS-ISVM can ease the oscillation phenomenon in the learning process and achieve quite good performance, while its reliability is relatively high.
