Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

MAO Jian-yang,HUANG Dao

DOI: https://doi.org/10.3969/j.issn.1006-3080.2006.08.021

2006-01-01

Abstract:This paper presents a novel approach to incremental support vector machine (SVM) learning algorithm. It analyses the possible change of support vector set after new samples are added to training set. Based on the analysis result, a novel algorithm is presented. In this algorithm useless sample is discarded and knowledge is accumulated. The experiment result shows that this algorithm is more effective than traditional SVM while the classification precision is also guaranteed.

Yinggang Zhao,Qinming He

DOI: https://doi.org/10.1109/coginf.2006.365593

2006-01-01

Abstract:Incremental learning technique is usually used to solve large-scale problem. We firstly gave a modified support vector machine (SVM) classification method - support vector domain classifier (SVDC), then an incremental learning algorithm based on SVDC was proposed. The basic idea of this incremental algorithm is to obtain the initial target concepts using SVDC during the training procedure and then update these target concepts by an updating model. Different from the existed incremental learning approaches, in our algorithm, the model updating procedure equals to solve a quadratic programming (QP) problem, and the updated model still owns the property of spars solution. Compared with other existed incremental learning algorithms, the inverse procedure of our algorithm (i.e. decreasing learning) is easy to conduct without extra computation. Experiment results show our algorithm is effective and feasible

Yangguang Liu,Qi Chen,Yongchuan Tang,Qinming He

DOI: https://doi.org/10.1007/978-3-540-24655-8_45

2004-01-01

Abstract:Support Vector Machines (SVMs) have become a popular tool for learning with large amounts of high dimensional data. But it may sometimes be preferable to learn incrementally from previous SVM results, as SVMs which involve the solution of a quadratic programming problem suffer from the problem of large memory requirement and CPU time when trained in batch mode on large data sets. And the SVMs may be used in online learning setting. In this paper an approach for incremental learning with Support Vector Machines is presented. We define the normal solution of the incremental learning for SVMs which is defined as the solution minimizing a given positive-definite quadratic form in the coordinates of the difference vector between the normal vectors at the (k-1)-th and k-th incremental step and discuss the relation to standard SVM. It was shown that concept learned at last step will not change if new data satisfy separable condition and empirical evidence is given to prove that this approach can effectively deal with changes in the target concept that are results of the incremental learning setting according to three evaluation criteria: stability, improvement and recoverability.

Yinggang Zhao,Qinming He

2006-01-01

Abstract:category (forexample, samples withcategory labelyi=1), yettheother partofsample's category isunknown, then we Incremental learning technique isusually usedtosolvecandesign newtypeofclassifier basedonSVDD named large-scale problem. Wefirstly gaveamodif edsupport vectorsupport vector domain classifier (SVDC).Thisnewclassifier machine (SVM)classification method--support vectoronlyneedtodescribe thedatawithknowncategory, then domainclassifer (SVDC), thenanincremental learning obtaining thedescription boundary ofthisclass ofdata. algorithm basedonSVDCwasproposed. Thebasic ideaof Finally, we canclassify theunknownbinary-class data thisincremental algorithm istoobtain theinitial targetaccording totheobtained boundary. concepts using SVDCduring thetraining procedure andthen Inthis paper ourincremental learning algorithm isbased update these target concepts byanupdating model. Difierent on SVDC, andthisalgorithm ismotivated by the fromtheexisted incremental learning approaches, inour person-learning procedure. Whenlearning a complicated algorithm, themodelupdating procedure equals tosolve a concept, people usually obtain ainitial concept byusing part quadratic programming (QP)problem, andtheupdated model ofuseful information, thenupdate theobtained concept by still ownstheproperty ofspars solution. Compared withotherutilizing new information. Intermofourincremental existed incremental learningalgorithms, theinverse procedure algorithm basedonSVDC,itfirstly utilize partofdata ofouralgorithm (i.e. decreasing learning) iseasytoconduct(memoryspace permitting), thenobtain aconcept (namely the without extra computation. Experiment results showour parameter ofobtained decision hypersurface) by SVDC algorithm iseffective andfeasible. learning algorithm, finally according totheinformation of decision hypersurface acquired inlaststep, update the parameter ofdecision hypersurface gained inlast step utilizing

Yangguang Liu,Qinming He,Qi Chen

DOI: https://doi.org/10.1109/wcica.2004.1340997

2004-01-01

Abstract:Support Vector Machines (SVMs) have become a popular tool for learning with large amounts of high dimensional data. But it may sometimes be preferable to learn incrementally from previous SVM results, as SVMs which involve the solution of a quadratic programming problem suffer from the problem of large memory requirement and CPU time when trained in batch mode on large data sets. And the SVMs may be used in online learning setting. We proposed an approach for incremental batch learning with Support Vector Machines for classification and regression, and define the normal solution of the incremental batch learning with SVMs as the solution minimizing a given positive-definite quadratic form in the coordinates of the difference vector between the normal vectors at the (k-1)-th and k-th incremental batch step and discuss the relation to standard SVM. It is shown that concept learned at last step will not change if new data satisfy separable condition and empirical evidence is given to prove that this approach can effectively deal with changes in the target concept that are results of the incremental learning setting according to three evaluation criteria: stability, improvement and recoverability.

HUANG Qi-chun,LIU Yang-guang,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973X.2008.12.015

2008-01-01

Abstract:An incremental learning algorithm based on support vector machine was proposed to process large scale data or data generated in batches. Initial goal concept learned by standard support vector machine algorithm was updated by an updating model. The model solved a convex quadratic programming similar to standard support vector machine algorithm. The algorithm proves that not only classification hyperplane but also the representation of classification hyperplane arenot changed during incremental learning procedure if the new samples arenot in the boundary in separable case. Decreasing learning procedure is easy to implement without extra computation and learning time is inversely proportional to incremental learning step compared with existing incremental learning support vector algorithms. Results show that the algorithm satisfies the three criteria of stability, improvement and recoverability.

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

Chao Wang,Yunxiao Sun,Sicai Lv,Chonghua Wang,Hongri Liu,Bailing Wang

DOI: https://doi.org/10.3390/electronics12040930

IF: 2.9

2023-02-13

Electronics

Abstract:Intrusion detection systems (IDSs) play a significant role in the field of network security, dealing with the ever-increasing number of network threats. Machine learning-based IDSs have attracted a lot of interest owing to their powerful data-driven learning capabilities. However, it is challenging to train the supervised learning algorithms when there are no attack data at hand. Semi-supervised anomaly detection algorithms, which train the model with only normal data, are more suitable. In this study, we propose a novel semi-supervised anomaly detection-based IDS that leverages the capabilities of representation learning and two anomaly detectors. In detail, the autoencoder (AE) is applied to extract representative features of normal data in the first step, and then two semi-supervised detectors, the one-class support vector machine (OCSVM) and Gaussian mixture model (GMM), are trained on the derived features. The two detectors collaborate to detect anomalous samples. The OCSVM predicts the abnormal samples initially, and after that, the GMM is applied to recheck the misclassified samples further. The experiments demonstrate that the AE improves the detection rate, and two detectors are more promising than a single one.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jun Zheng,Hui Yu,Furao Shen,Jinxi Zhao

DOI: https://doi.org/10.1007/s00521-011-0793-1

2010-01-01

Abstract:Support Vector Machines (SVMs) have gained outstanding generalization in many fields. However, standard SVM and most modified SVMs are in essence batch learning, which makes them unable to handle incremental learning well. Also, such SVMs are not able to handle large-scale data effectively because they are costly in terms of memory and computing consumption. In some situations, plenty of Support Vectors (SVs) are produced, which generally means a long testing time. In this paper, we propose an online incremental learning SVM for large data sets. The proposed method mainly consists of two components, Learning Prototypes (LPs) and Learning SVs (LSVs). Experimental results demonstrate that the proposed algorithm is effective for incremental learning problems and large-scale problems.

Mikel K. Ngueajio,Gloria Washington,Danda B. Rawat,Yolande Ngueabou

DOI: https://doi.org/10.48550/arXiv.2209.05579

2022-09-12

Cryptography and Security

Abstract:With the growing rates of cyber-attacks and cyber espionage, the need for better and more powerful intrusion detection systems (IDS) is even more warranted nowadays. The basic task of an IDS is to act as the first line of defense, in detecting attacks on the internet. As intrusion tactics from intruders become more sophisticated and difficult to detect, researchers have started to apply novel Machine Learning (ML) techniques to effectively detect intruders and hence preserve internet users' information and overall trust in the entire internet network security. Over the last decade, there has been an explosion of research on intrusion detection techniques based on ML and Deep Learning (DL) architectures on various cyber security-based datasets such as the DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13, UNSW-NB15. In this research, we review contemporary literature and provide a comprehensive survey of different types of intrusion detection technique that applies Support Vector Machines (SVMs) algorithms as a classifier. We focus only on studies that have been evaluated on the two most widely used datasets in cybersecurity namely: the KDDCUP'99 and the NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVMs classifier, and all other algorithms involved in the studies. Furthermore, we present a critical review of each method, in tabular form, highlighting the performance measures, strengths, and limitations of each of the methods surveyed.

Alimov Abdulboriy,Ji Sun Shin

DOI: https://doi.org/10.1109/access.2024.3361041

IF: 3.9

2024-02-10

IEEE Access

Abstract:With the rapid growth of digitalization and the increasing volume of data, the cybersecurity threat landscape is expanding at an alarming rate. Intrusion Detection Systems (IDS) have been widely employed in conjunction with firewalls to safeguard networks. However, traditional IDS systems operate in a static manner, rendering them vulnerable to obsolescence and necessitating costly retraining efforts. As a result, the demand for dynamic models capable of handling continuous streams of network traffic has surged as they can learn from the incoming traffic without the need to old data and costly retraining. In response to this challenge, we have implemented an enhanced approach: an incremental majority voting IDS system, which utilizes existing tools and techniques to improve the robustness and adaptability of intrusion detection By leveraging the collective decision-making power of multiple machine learning models such as: KNN classifier, Softmax Regressor and Adaptive Random Forest classifier, our system aims to improve the accuracy, especially reducing false alarm rates, and effectiveness of intrusion detection in real-time scenarios. Through this research, we have managed to obtain a model which scores 96.43% of accuracy as well as giving 100% precision for majority type of attacks. By successfully handling the imbalanced nature of streaming data, our adopted model shows promising potential as a high-performing solution for IDS and can be considered one of the robust IDS models capable of dealing with real-world imbalanced datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

HE Yin,CHEN Xiao-Guang

2006-01-01

Abstract:An uplink Multi-Carrier CDMA(MC-CDMA) multi-user detector based on Incremental Support Vector Machine(ISVM) is proposed in this paper.The proposed detector minishes training set by discarding history samples and maintains strong ability of nonlinear classification with more proper incremental learning methods based on reasonable analysis of relationship between new training samples and old Support Vector Machine(SVM)’s hyperplane.Comparison curves are drawn between the proposed detector and traditional detection technologies,and simulation results show that the proposed detector based on ISVM can well approach the optimum detection performance.

Jin Ye,Xiangyang Cheng,Jian Zhu,Luting Feng,Ling Song

DOI: https://doi.org/10.1155/2018/9804061

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:The detection of DDoS attacks is an important topic in the field of network security. The occurrence of software defined network (SDN) (Zhang et al., 2018) brings up some novel methods to this topic in which some deep learning algorithm is adopted to model the attack behavior based on collecting from the SDN controller. However, the existing methods such as neural network algorithm are not practical enough to be applied. In this paper, the SDN environment by mininet and floodlight (Ning et al., 2014) simulation platform is constructed, 6-tuple characteristic values of the switch flow table is extracted, and then DDoS attack model is built by combining the SVM classification algorithms. The experiments show that average accuracy rate of our method is 95.24 % with a small amount of flow collecting. Our work is of good value for the detection of DDoS attack in SDN.

computer science, information systems,telecommunications

Zerong Zhao,Lina Ge,Guifen Zhang

DOI: https://doi.org/10.1145/3456415.3456431

2021-02-25

Abstract:In recent years, neural networks have been used to process network security data in intrusion detection, a process that is often highly nonlinear and strongly correlated. To address the problem that existing methods have high detection rates for known attack types, but have shortcomings in identifying emerging attack types, an intrusion detection (DBN-LSSVM) method combining a deep belief network (DBN) and a least-squares vector machine (LSSVM) is proposed. First, the original network dataset is pre-processed and the DBN is used to downscale the features of the dataset; then the PSO algorithm is used to optimize the input weights and implicit layer biases of LSSVM to establish an intrusion detection model; finally, simulation experiments are conducted on the KDD CUP 99 dataset. The experimental results show that compared with DBN-MSVM, DBN-BP, and SVM methods, the overall detection accuracy is significantly improved, and DBN-LSSVM has higher detection efficiency and better intrusion detection classification performance.

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wu Liu,Ping Ren,Ke Liu,Duan Hai-xin

DOI: https://doi.org/10.1109/wicom.2011.6040153

2011-01-01

Abstract:This paper considers anomaly detection using an improved probabilistic neural networks. We first introduce a Basic Adaptive Boost Algorithm (BABA) and analysis its drawbacks and then introduce an Improved Adaptive Boost Algorithm (IABA) to classify the detected event as normal or intrusive. © 2011 IEEE.

陈光英,张千里,李星

DOI: https://doi.org/10.3321/j.issn:1000-436x.2002.05.010

2002-01-01

Abstract:An intrusion detection system based on SVM classification technique was designed and implemented. It uses the technique of support vector machine to recognize TCP network connections without the reference of the port numbers. If a connection is recognized in a category that is different from the type of service characterized by the port number, then the connection is considered abnormal. This paper also focused on how the trace time, the feature set size and the kernel function of SVM affect the recognition error rate. Results from preliminary experiments show that our system can detect abnormal TCP network connections.

Yuantao Chen,Jie Xiong,Weihong Xu,Jingwen Zuo

DOI: https://doi.org/10.1007/s10586-018-1772-4

2018-01-17

Cluster Computing

Abstract:In view of the long execution time and low execution efficiency of Support Vector Machine in large-scale training samples, the paper has proposed the online incremental and decremental learning algorithm based on variable support vector machine (VSVM). In deep understanding of the operation mechanism and correlation algorithms for VSVM, each sample has increased training datasets changes and it needs to update the classifier of learning algorithm. Firstly, they are given the online growth amount of learning algorithm taken full advantage of the incremental pre-calculated information, and doesn’t require retraining for the new incremental training datasets. Secondly, the incremental matrix inverse calculation process had greatly reduced the running time of algorithm, and it is given in order to verify out the validity of the online learning algorithm. Finally, the nine groups of datasets in the standard library have been selected in the pattern classification experiment. The experimental results are shown that the online learning algorithm given in the case to ensure the correct classification rates and effective training’s speed. With the implementation of the incremental process, training meetings, the need for large-scale data storage space, result in slow training, the online learning algorithm based on VSVM can solve the problem.