Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

张琨,许满武,刘凤玉,张宏

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.18.017

2004-01-01

Abstract:An intrusion detection system based on support vector machine is designed and implemented. The generalizing ability of intrusion detection system is still good when the priori knowledge is less (namely, the sample size is small). Comparison of detection ability between the above detection method and BP neural network shows that the intrusion detection system based on support vector machine can effectively detect intrusion and can dramatically shorten the training time under the same detection performance condition.

WANG TAO,GONG HUILI

DOI: https://doi.org/10.3969/j.issn.1008-0570.2006.36.031

2006-01-01

Abstract:In order to improve the safety of information system, the method of SVM based on statistics learning theory is used in the intrusion detection system, which ensures that SVM classifier has the higher accuracy in the absence of transcendent knowledge, and achieve the aim that SVM can accurately predict the abnormal state of system. By the use of this method, the limitation of traditional machine learning method is avoided and ensure the stronger extension ability.,which make intrusion detection system to have the bet- ter detecting performance.

ZHANG Kun,CAO Hong-xin,YAN Han,LIU Feng-yu

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.05.034

2006-01-01

Abstract:Apply SVM technique to network intrusion detection,and propose a network abnormal intrusion detection model based on SVM.The experimental results demonstrate that the proposed model has higher detection accuracy of intrusions,especially for some unknown attacks.It proves that SVM can effectively detect intrusion.

Zhang Xue-qin,Gu Chun-hua,Lin Jia-jin

DOI: https://doi.org/10.1109/chinacom.2006.344739

2006-01-01

Abstract:Support vector machine (SVM) has been applied to intrusion detection system (IDS) for its abilities to perform classification and regression. But for large-scale network intrusion detection problem, since solving a support vector machine is a typical quadratic optimization problem, which is influenced by the dimension and quantity of examples, many problems arise. KDDCUP'99 was used as the experiment dataset in this paper. A feature selection technology based on Fisher score was presented and used to construct a reduced feature subset of KDDCUP'99 dataset. SVM was used as a classifier. Experiment was run. The experiment results show, using Fisher score combined with SVM to select the important features is an effective method to reduce the dimension of the example feature space, and the classification accuracy has not dramatically decreased comparing to the original feature space.

Lihua Su,Wenhua Bai,Zhanghua Zhu,Xuan He

DOI: https://doi.org/10.1088/1742-6596/2037/1/012074

2021-01-01

Journal of Physics Conference Series

Abstract:There are some problems such as the high false negative rate and false positive rate in intrusion detection technology. The paper researches on the technology of intrusion detection based on support vector machine. The forming process of SVM classifier is analyzed. The choice of kernel function is discussed. The experimental results show that the SVM-based intrusion detection system with the appropriate kernel function has high detection-accuracy and it can effectively predict and classify the network attacks.

Bhoopesh Singh Bhati,C. S. Rai

DOI: https://doi.org/10.1007/s13369-019-03970-z

IF: 2.807

2019-07-02

Arabian Journal for Science and Engineering

Abstract:From the last few decades, people do various transaction activities like air ticket reservation, online banking, distance learning, group discussion and so on using the internet. Due to explosive growth of information exchange and electronic commerce in the recent decade, there is a need to implement some security mechanisms in order to protect sensitive information. Detection of any intrusive behavior is one of the most important activity for protecting our data and assets. Various intrusion detection systems are incorporated in the network for detecting intrusive behavior. In this paper, an analytical study of support vector machine (SVM)-based intrusion detection techniques is presented. Here, the methodology involves four major steps, namely, data collection, preprocessing, SVM technique for training and testing and decision. The simulated results have been analyzed based on overall detection accuracy, Receiver Operating Characteristic and (ROC) Confusion Matrix. NSL-KDD dataset is used to analyze the performance of SVM techniques. NSL-KDD dataset is a benchmark for intrusion detection technique and contains huge amount of network records. The analyzed results show that Linear SVM, Quadratic SVM, Fine Gaussian SVM and Medium Gaussian SVM give 96.1%, 98.6%, 98.7% and 98.5% overall detection accuracy, respectively.

multidisciplinary sciences

ZHANG Kun,CAO Hong-xin,LIU Feng-yu,LI Qian-mu

DOI: https://doi.org/10.3969/j.issn.1005-9830.2007.04.001

2007-01-01

Abstract:In view of the problems of using traditional machine learning method to detect the network intrusions,this paper proposes a network intrusion detection model based on support vector machine(SVM).Experimental results demonstrate that the proposed model has higher detection accuracy of intrusions and avoids the limitation of the detection methods based on traditional machine learning.In the training,considering the effect of different network data features on the intrusion detection results,a new weighted feature classification method is also brought forward,which improves the accuracy of network intrusion detection.

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

ZHANG Yi-Rong,XIAN Ming,XIAO Shun-Ping,WANG Guo-Yu

2006-01-01

Computer Science

Abstract:This paper presented the implementation of a hybird anomaly intrusion detection technique based on rough set attribute reduction and support vector machine(SVM). According to the high dimension of network records with feature attributes,the rough set attribute reduction approach is firstly utilized to reducing data space and then the v-SVM algorithm is introduced into processing normalized data set. Experiments on DARPA 1998 data set show that the proposed anomaly detection technique achieves a comparable precise detection rate as the v-SVM algorithm based on all feature attributes,however,evidently decreases detection time as well as storage space.

Xin Xu,Xuening Wang

DOI: https://doi.org/10.1007/11527503_82

2005-01-01

Abstract:Network intrusion detection is an important technique in computer security. However, the performance of existing intrusion detection systems (IDSs) is unsatisfactory since new attacks are constantly developed and the speed of network traffic volumes increases fast. To improve the performance of IDSs both in accuracy and speed, this paper proposes a novel adaptive intrusion detection method based on principal component analysis (PCA) and support vector machines (SVMs). By making use of PCA, the dimension of network data patterns is reduced significantly. The multi-class SVMs are employed to construct classification models based on training data processed by PCA. Due to the generalization ability of SVMs, the proposed method has good classification performance without tedious parameter tuning. Dimension reduction using PCA may improve accuracy further. The method is also superior to SVMs without PCA in fast training and detection speed. Experimental results on KDD-Cup99 intrusion detection data illustrate the effectiveness of the proposed method.

彭小金,武小年

DOI: https://doi.org/10.3969/j.issn.1008-1151.2014.03.002

2014-01-01

Abstract:In order to remove the redundancy and noise characteristics in network intrusion detection data set, reduce the data processing difficulty and improve the detection performance, a intrusion detection method based on feature selection and support vector machine is proposed. The method using the proposed feature selection algorithm base on the model of support vector machine classifier to select the best combination of features is applied to intrusion detection systems. Simulation results show that this method can not only reduce the number of features, thereby decreasing the training and testing time, but also improve the classification accuracy of intrusion detection.

Duan Danqing,Chen Songqiao,Yang Weiping

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.01.037

2006-01-01

Abstract:Intrusion Detection System(IDS)has become an important part of network security,the traditional abnormal detection are heavily dependent on the large training data set to get high accuracy rate,but to obtain sufficient training data is difficult in real network environment.In order to solve the problem of the excessive expense caused by obtaining the training data set,in this paper,we use the Support Vector Machine(SVM)active learning algorithm in network intrusion detection.Compared with the traditional self-learning algorithm,our experiment shows,active learning algorithm can immensely reduce the number of the training date and improve the performance of classifier in intrusion detection system.

Zy Ma,L Zhen,Xf Liao

DOI: https://doi.org/10.1109/ICNNB.2005.1614773

2005-01-01

Abstract:We implement multi-class SVMs (by one-versus-rest, one-versus-rest method and a new Decision Tree (DT) SVM) for intrusion detection. None of these methods show advantages over two-class method wherever in detection accuracy or time cost in our experiments. We also apply a support vector (SV) reduction algorithm and find that it decreases the training time dramatically while improves the detection rate.

XU Wenlong,YAO Lihong,PAN Li,NI Yousheng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.18.050

2006-01-01

Abstract:Transductive support vector machines (TSVM) classifies the new data vector based on the information only related to this data vector. This paper proposes an anomaly network traffic detection method based on TSVM. The KDD-99 intrusion detection competition data set is used to illustrate the performances of the TSVM. The performance-comparisons of TSVM and traditional inductive SVM are presented. The results show that TSVM can be used in intrusion detection practically.

DUAN Dan-qing,CHEN Song-qiao,YANG Wei-ping,WANG Jia-yang

2008-01-01

Abstract:Proposed a method of detecting intrusion using SVM based on Rough Ret Theory(RST).The reduction algorithm based on RST is used to eliminate the redundant features of sample dataset,in order to reduce the space dimension of the sample data.Using this method,it can overcome the shortages of SVM — time-consuming of training and massive dataset storage.Experiment results show,using this method can improve the efficient of SVM by reduce the training time and test time,but not reduce the accuracy of SVM.

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

WU Xiao-nian,PENG Xiao-jin,YANG Yu-yang,FANG Kun

DOI: https://doi.org/10.11959/j.issn.1000-436x.2015127

2015-01-01

Abstract:To select optimized features for intrusion detection，a two-level feature selection method based on support vector machine was proposed.This method set an evaluation index named feature evaluation value for feature selection，which was the ratio of the detection rate and false alarm rate.Firstly，this method filtrated noise and irrelevant features to reduce the feature dimension respectively by Fisher score and information gain in the filtration mode.Then，a crossing feature subset was obtained based on the above two filtered feature sets.And combining support vector machine，the sequential backward selection algorithm in the wrapper mode was used to select the optimal feature subset from the crossing feature subset.The simulation test results show that，the better classification performance is obtained according to the selected optimal feature subset，and the modeling time and testing time of the system are reduced effectively.