A cooperative Network Intrusion Detection based on SVMs

SVMs are not favored for large-scale training tasks such as network intrusion detection, because the training complexity of an SVM depends heavily on the size of the training sample set. Network data also contains a large amount of noise, which affects the construction of the SVM's boundary (the separating hyperplane). In this paper, redundant and noisy sample points are first removed according to their distance in the high-dimensional feature space, and a K-nearest-neighbor algorithm ensures that the points removed are noise points. The remaining sample points provide the SVM with high-quality samples that are likely to carry most of the support vectors (SVs), so that they maximize the benefit of learning the SVM. Because different network protocols have different attributes, which necessarily affect detection performance, this paper proposes cooperative network intrusion detection based on SVMs: three types of detecting agents are generated, one each for the TCP, UDP and ICMP protocols. Finally, simulations run on the KDDCUP 1999 data show that cooperative network intrusion detection based on multiple SVMs achieves a better detection effect.
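The sample-reduction step and the per-protocol split described above can be sketched as follows; this is an added example, not the paper's code, and it stops at producing the cleaned training set for each protocol agent rather than training the SVMs. Assumptions not taken from the page: the RBF kernel, the strict-majority vote with k=3, the function names, and the constructed records.

```python
import math
from collections import defaultdict

def rbf(x, y, gamma=0.5):
    """RBF kernel (assumed here; the page does not name a kernel)."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))

def feature_dist2(x, y, kernel=rbf):
    """Squared distance in feature space: K(x,x) - 2K(x,y) + K(y,y)."""
    return kernel(x, x) - 2 * kernel(x, y) + kernel(y, y)

def knn_filter(samples, k=3, kernel=rbf):
    """Keep (features, label) pairs whose k nearest neighbours mostly share the label."""
    kept = []
    for i, (x, label) in enumerate(samples):
        nearest = sorted(
            (feature_dist2(x, xj, kernel), lj)
            for j, (xj, lj) in enumerate(samples) if j != i
        )[:k]
        agree = sum(1 for _, lj in nearest if lj == label)
        # A lone sample has no neighbours to contradict it, so it is kept.
        if not nearest or 2 * agree > len(nearest):
            kept.append((x, label))
    return kept

def per_protocol_training_sets(records, k=3):
    """Split (protocol, features, label) records by protocol, then filter each set."""
    by_proto = defaultdict(list)
    for proto, x, label in records:
        by_proto[proto].append((x, label))
    return {proto: knn_filter(s, k) for proto, s in by_proto.items()}

# Constructed sample: two scaled features per connection, not real KDD data.
NOISE = ("tcp", (0.10, 0.11), "attack")  # mislabelled point inside the normal cluster
RECORDS = [NOISE]
for proto, n in (("tcp", 4), ("udp", 3), ("icmp", 3)):
    for i in range(n):
        d = 0.01 * i
        RECORDS.append((proto, (0.10 + d, 0.12 - d), "normal"))
        RECORDS.append((proto, (0.90 - d, 0.88 + d), "attack"))

if __name__ == "__main__":
    for proto, kept in per_protocol_training_sets(RECORDS).items():
        print(proto, len(kept), "samples kept")
```

With an RBF kernel the feature-space distance is a monotone function of the input-space distance, so neighbour ranking only changes when a different kernel is passed in.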
