Anomaly intrusion detection based on wavelet kernel LS-SVM

To overcome the shortcomings of traditional anomaly intrusion detection methods, such as low detection rate and high false alarm rate, this paper proposes an intrusion detection method based on a wavelet kernel Least Squares Support Vector Machine (LS-SVM). As a new machine learning method, SVM has recently been used in Intrusion Detection Systems (IDS) and has achieved some results. However, the commonly used SVM kernel functions, such as the RBF kernel and the Gauss kernel, are non-orthogonal, and their detection capacity and speed are unsatisfactory for the complex non-linear systems found in IDS. LS-SVM is an evolution of the classical SVM: it finds the solution by solving a set of linear equations instead of the convex quadratic programming problem of the classical SVM. The wavelet kernel function is approximately orthogonal and supports multi-scale analysis, and it has better classification and generalization ability. Experiments on KDD CUP 1999 show that our method can raise detection accuracy and decrease the false alarm rate.
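The following is an added example, not code from the paper: a minimal LS-SVM classifier showing how training reduces to a single linear system instead of a quadratic program, paired with a wavelet kernel. Assumptions: the abstract gives no kernel formula, so a Morlet-type wavelet kernel is used; the dilation `a`, the regularization `gamma`, the function names and the six two-feature training records are constructed for illustration.

```python
import math

def wavelet_kernel(x, z, a=1.0):
    # Assumed kernel form: product over features of cos(1.75u) * exp(-u^2/2), u = (x_i - z_i)/a
    k = 1.0
    for xi, zi in zip(x, z):
        u = (xi - zi) / a
        k *= math.cos(1.75 * u) * math.exp(-u * u / 2.0)
    return k

def solve(A, rhs):
    # Gaussian elimination with partial pivoting, then back substitution
    n = len(rhs)
    M = [row[:] + [rhs[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for j in range(c, n + 1):
                M[r][j] -= f * M[c][j]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][j] * x[j] for j in range(r + 1, n))) / M[r][r]
    return x

def lssvm_train(X, y, gamma=10.0, a=1.0):
    # One linear system replaces the QP: [[0, y^T], [y, Omega + I/gamma]] [b; alpha] = [0; 1]
    n = len(X)
    A = [[0.0] + [float(v) for v in y]]
    for i in range(n):
        row = [float(y[i])]
        for j in range(n):
            omega = y[i] * y[j] * wavelet_kernel(X[i], X[j], a)
            row.append(omega + (1.0 / gamma if i == j else 0.0))
        A.append(row)
    sol = solve(A, [0.0] + [1.0] * n)
    return sol[0], sol[1:]  # bias b, multipliers alpha

def lssvm_predict(x, X, y, b, alpha, a=1.0):
    s = b + sum(al * yi * wavelet_kernel(x, xi, a) for al, yi, xi in zip(alpha, y, X))
    return 1 if s >= 0 else -1

# Constructed sample: two scaled features per connection; -1 = normal, +1 = attack
X_TRAIN = [(0.10, 0.20), (0.15, 0.10), (0.20, 0.25), (0.90, 0.80), (0.85, 0.95), (0.80, 0.90)]
Y_TRAIN = [-1, -1, -1, 1, 1, 1]
B, ALPHA = lssvm_train(X_TRAIN, Y_TRAIN)
print([lssvm_predict(p, X_TRAIN, Y_TRAIN, B, ALPHA) for p in [(0.12, 0.18), (0.88, 0.85)]])
```

Because every training record receives a multiplier, the LS-SVM solution is not sparse, so the linear system grows with the size of the training set.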
