Fuzzy Multi-Class Support Vector Machines for cooperative network intrusion detection

Data obtained over the Internet always contains a large amount of noise, which degrades intrusion detection performance. To avoid the effect of noisy data, the data must be preprocessed before the hyperplane of a Support Vector Machine (SVM) is constructed. By introducing fuzzy theory into SVM, a new method is proposed for cooperative network intrusion detection. Because attack methods vary across network protocols, a fuzzy membership function is formulated for each protocol, which means that each Multi-Class SVM is suited to only one network protocol. To implement this approach, this paper presents a fuzzy Multi-Class-SVM-based cooperative network intrusion detection model with a multi-agent architecture, composed of three types of agents corresponding to the TCP, UDP, and ICMP protocols, respectively, and a statistic-based agent. Simulation experiments on the KDD CUP 1999 data set show that training time is significantly shortened, storage space requirements are sharply reduced, and classification accuracy is noticeably improved by using the SVM method with data preprocessing.
