Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

MAO Jian-yang,HUANG Dao

DOI: https://doi.org/10.3969/j.issn.1006-3080.2006.08.021

2006-01-01

Abstract:This paper presents a novel approach to incremental support vector machine (SVM) learning algorithm. It analyses the possible change of support vector set after new samples are added to training set. Based on the analysis result, a novel algorithm is presented. In this algorithm useless sample is discarded and knowledge is accumulated. The experiment result shows that this algorithm is more effective than traditional SVM while the classification precision is also guaranteed.

Yangguang Liu,Qi Chen,Yongchuan Tang,Qinming He

DOI: https://doi.org/10.1007/978-3-540-24655-8_45

2004-01-01

Abstract:Support Vector Machines (SVMs) have become a popular tool for learning with large amounts of high dimensional data. But it may sometimes be preferable to learn incrementally from previous SVM results, as SVMs which involve the solution of a quadratic programming problem suffer from the problem of large memory requirement and CPU time when trained in batch mode on large data sets. And the SVMs may be used in online learning setting. In this paper an approach for incremental learning with Support Vector Machines is presented. We define the normal solution of the incremental learning for SVMs which is defined as the solution minimizing a given positive-definite quadratic form in the coordinates of the difference vector between the normal vectors at the (k-1)-th and k-th incremental step and discuss the relation to standard SVM. It was shown that concept learned at last step will not change if new data satisfy separable condition and empirical evidence is given to prove that this approach can effectively deal with changes in the target concept that are results of the incremental learning setting according to three evaluation criteria: stability, improvement and recoverability.

Yangguang Liu,Qinming He,Qi Chen

DOI: https://doi.org/10.1109/wcica.2004.1340997

2004-01-01

Abstract:Support Vector Machines (SVMs) have become a popular tool for learning with large amounts of high dimensional data. But it may sometimes be preferable to learn incrementally from previous SVM results, as SVMs which involve the solution of a quadratic programming problem suffer from the problem of large memory requirement and CPU time when trained in batch mode on large data sets. And the SVMs may be used in online learning setting. We proposed an approach for incremental batch learning with Support Vector Machines for classification and regression, and define the normal solution of the incremental batch learning with SVMs as the solution minimizing a given positive-definite quadratic form in the coordinates of the difference vector between the normal vectors at the (k-1)-th and k-th incremental batch step and discuss the relation to standard SVM. It is shown that concept learned at last step will not change if new data satisfy separable condition and empirical evidence is given to prove that this approach can effectively deal with changes in the target concept that are results of the incremental learning setting according to three evaluation criteria: stability, improvement and recoverability.

Yinggang Zhao,Qinming He

DOI: https://doi.org/10.1109/coginf.2006.365593

2006-01-01

Abstract:Incremental learning technique is usually used to solve large-scale problem. We firstly gave a modified support vector machine (SVM) classification method - support vector domain classifier (SVDC), then an incremental learning algorithm based on SVDC was proposed. The basic idea of this incremental algorithm is to obtain the initial target concepts using SVDC during the training procedure and then update these target concepts by an updating model. Different from the existed incremental learning approaches, in our algorithm, the model updating procedure equals to solve a quadratic programming (QP) problem, and the updated model still owns the property of spars solution. Compared with other existed incremental learning algorithms, the inverse procedure of our algorithm (i.e. decreasing learning) is easy to conduct without extra computation. Experiment results show our algorithm is effective and feasible

Yinggang Zhao,Qinming He

2006-01-01

Abstract:category (forexample, samples withcategory labelyi=1), yettheother partofsample's category isunknown, then we Incremental learning technique isusually usedtosolvecandesign newtypeofclassifier basedonSVDD named large-scale problem. Wefirstly gaveamodif edsupport vectorsupport vector domain classifier (SVDC).Thisnewclassifier machine (SVM)classification method--support vectoronlyneedtodescribe thedatawithknowncategory, then domainclassifer (SVDC), thenanincremental learning obtaining thedescription boundary ofthisclass ofdata. algorithm basedonSVDCwasproposed. Thebasic ideaof Finally, we canclassify theunknownbinary-class data thisincremental algorithm istoobtain theinitial targetaccording totheobtained boundary. concepts using SVDCduring thetraining procedure andthen Inthis paper ourincremental learning algorithm isbased update these target concepts byanupdating model. Difierent on SVDC, andthisalgorithm ismotivated by the fromtheexisted incremental learning approaches, inour person-learning procedure. Whenlearning a complicated algorithm, themodelupdating procedure equals tosolve a concept, people usually obtain ainitial concept byusing part quadratic programming (QP)problem, andtheupdated model ofuseful information, thenupdate theobtained concept by still ownstheproperty ofspars solution. Compared withotherutilizing new information. Intermofourincremental existed incremental learningalgorithms, theinverse procedure algorithm basedonSVDC,itfirstly utilize partofdata ofouralgorithm (i.e. decreasing learning) iseasytoconduct(memoryspace permitting), thenobtain aconcept (namely the without extra computation. Experiment results showour parameter ofobtained decision hypersurface) by SVDC algorithm iseffective andfeasible. learning algorithm, finally according totheinformation of decision hypersurface acquired inlaststep, update the parameter ofdecision hypersurface gained inlast step utilizing

Lu Lv,Wenhai Wang,Zeyin Zhang,Xinggao Liu

DOI: https://doi.org/10.1016/j.knosys.2020.105648

IF: 8.139

2020-01-01

Knowledge-Based Systems

Abstract:Intrusion detection is a challenging technology in the area of cyberspace security for protecting a system from malicious attacks. A novel accurate and effective misuse intrusion detection system that relies on specific attack signatures to distinguish between normal and malicious activities is therefore presented to detect various attacks based on an extreme learning machine with a hybrid kernel function (HKELM). First, the derivation and proof of the proposed hybrid kernel are given. A combination of the gravitational search algorithm (GSA) and differential evolution (DE) algorithm is employed to optimize the parameters of HKELM, which improves its global and local optimization abilities during prediction attacks. In addition, the kernel principal component analysis (KPCA) algorithm is introduced for dimensionality reduction and feature extraction of the intrusion detection data. Then, a novel intrusion detection approach, KPCA-DEGSA-HKELM, is obtained. The proposed approach is eventually applied to the classic benchmark KDD99 dataset, the real modern UNSW-NB15 dataset and the industrial intrusion detection dataset from the Tennessee Eastman process. The numerical results validate both the high accuracy and the time-saving benefit of the proposed approach.

LIU Ye,WANG Zebing,FENG Yan,GU Hongying

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.04.063

2006-01-01

Abstract:This paper proposes a novel method for DoS intrusion detection based on incremental learning with SVM whose main idea is to segment the training database which is composed of log files into sub-databases which are mutually exclusive each other, and each sub-database is trained in batch. During each training process, only support vector is reserved for future training and non-support-vector is discarded. Compared with the method based on traditional SVMs, this training algorithm obviously reduces training time and obtains high detection performance.

Alimov Abdulboriy,Ji Sun Shin

DOI: https://doi.org/10.1109/access.2024.3361041

IF: 3.9

2024-02-10

IEEE Access

Abstract:With the rapid growth of digitalization and the increasing volume of data, the cybersecurity threat landscape is expanding at an alarming rate. Intrusion Detection Systems (IDS) have been widely employed in conjunction with firewalls to safeguard networks. However, traditional IDS systems operate in a static manner, rendering them vulnerable to obsolescence and necessitating costly retraining efforts. As a result, the demand for dynamic models capable of handling continuous streams of network traffic has surged as they can learn from the incoming traffic without the need to old data and costly retraining. In response to this challenge, we have implemented an enhanced approach: an incremental majority voting IDS system, which utilizes existing tools and techniques to improve the robustness and adaptability of intrusion detection By leveraging the collective decision-making power of multiple machine learning models such as: KNN classifier, Softmax Regressor and Adaptive Random Forest classifier, our system aims to improve the accuracy, especially reducing false alarm rates, and effectiveness of intrusion detection in real-time scenarios. Through this research, we have managed to obtain a model which scores 96.43% of accuracy as well as giving 100% precision for majority type of attacks. By successfully handling the imbalanced nature of streaming data, our adopted model shows promising potential as a high-performing solution for IDS and can be considered one of the robust IDS models capable of dealing with real-world imbalanced datasets.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kaijian Liu,Zhen Fan,Meiqin Liu,Senlin Zhang

DOI: https://doi.org/10.1109/cyber.2018.8688271

2018-01-01

Abstract:This paper reviews the problem of instrusion detection for Smart Home and different approach to detect instrusion. A hybrid instrusion detection method based on Convolutional Neural Networks(CNN) and K-means is proposed in this paper. At smart home device node, K-means is used to generate the rule base by clustering, then Principal Component Analysis(PCA) is used to extract the dimensionality reduced features. During the test process, PCA is also used to extract the dimensionality reduced features, the feature matching is performed with the rule base to determine the intrusion data. At the smart home server side, a CNN model is proposed to detect the specific type of intrusion. Combined with Synthetic Minority Oversampling Technique(SMOTE) and under sampling techniques, the CNN model has great performance in reducing missing report rate(MRR) in minority categories. The results of the experiment conducted in KDD99 dataset show that such a hybrid method can improve the detection rate of smart home intrusion detection system and reduce MRR in minority categories.

S. K. Lakshminarayana,P. I. Basarkod

DOI: https://doi.org/10.1007/s11277-023-10722-8

IF: 2.017

2023-09-13

Wireless Personal Communications

Abstract:The Internet of Things and cyber physical systems are emerging networks that enable several additional layers of services to improve various facets of human life. The risk of network intrusions also rises as a result of these additional connected vulnerabilities. One method for detecting attacks and anomalies in the network is the intrusion detection system (IDS). But an efficient IDS is defined by two characteristics i.e., computational efficiency and classification efficiency with less false alarm rates, which can be achieved by preprocessing network traffic and identification of essential features. A k-nearest neighbor-(KNN) algorithm was used prominently in the development of network IDS due to its better detection rates. But it is very challenging to pick up an appropriate K-value for KNN and especially, when the data classes are imbalanced. Additionally, KNN is a lazy classifier since it does not learn a discriminative function from the training samples instead it memorizes them. This paper focuses on improving existing KNN classifier to achieve classification efficiency and speed in the execution of intrusion detection process. An improvement in shallow KNN is proposed by arranging the attributes of the data in a way that the sample data that is pertinent to distance computation, followed by quantification, and indexing nearest neighbors of the data block. The design and development of the proposed modified KNN driven IDS is carried out using python programming language executed on Anaconda distribution. The validation and effectiveness of the proposed work is done against benchmarked NSL-KDD dataset. The results shows that the proposed KNN++ are higher than classical KNN by 5.33%, LR by 28.17%, GNB by 72.67%, and SVM by 20.21%, in terms of F1 score.

telecommunications

Zhang Xue-qin,Gu Chun-hua,Lin Jia-jin

DOI: https://doi.org/10.1109/chinacom.2006.344739

2006-01-01

Abstract:Support vector machine (SVM) has been applied to intrusion detection system (IDS) for its abilities to perform classification and regression. But for large-scale network intrusion detection problem, since solving a support vector machine is a typical quadratic optimization problem, which is influenced by the dimension and quantity of examples, many problems arise. KDDCUP'99 was used as the experiment dataset in this paper. A feature selection technology based on Fisher score was presented and used to construct a reduced feature subset of KDDCUP'99 dataset. SVM was used as a classifier. Experiment was run. The experiment results show, using Fisher score combined with SVM to select the important features is an effective method to reduce the dimension of the example feature space, and the classification accuracy has not dramatically decreased comparing to the original feature space.

Fangjun Kuang,Siyang Zhang,Zhong Jin,Weihong Xu

DOI: https://doi.org/10.1007/s00500-014-1332-7

IF: 3.732

2014-01-01

Soft Computing

Abstract:A novel support vector machine (SVM) model by combining kernel principal component analysis (KPCA) with improved chaotic particle swarm optimization (ICPSO) is proposed to deal with intrusion detection. The proposed method, in which multi-layer SVM classifier is employed to estimate whether the action is an attack, KPCA is applied as a preprocessor of SVM to reduce the dimension of feature vectors and shorten training time. To shorten the training time and improve the performance of SVM, N-RBF is employed to reduce the noise generated by feature differences, and ICPSO is presented to optimize the punishment factor C, kernel parameters \(\sigma \) and the tube size \(\varepsilon \) of SVM, which introduces chaos optimization and premature processing mechanism. Experimental results illustrate that the improved SVM model has faster computational time and higher predictive accuracy, and it can also shorten the training time and improve the performance of SVM.

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

Xiaojun Lin,Patrick P. K. Chan

DOI: https://doi.org/10.1109/ICMLC.2014.7009106

2014-01-01

Abstract:The support vector machine (SVM), which is an effective and robust classifier, has been applied into many security problems successfully. Since these problems change over the time, the incremental learning is usually applied in SVMs. However, an intelligent adversary who misleads the learning of SVMs by manipulating the training samples may present in the security problems. As the conventional incremental learning algorithm of SVMs does not consider the adversarial attack, its performance may be affected significantly in the adversarial environment. In this paper, we investigate the vulnerabilities of incremental learning algorithm of SVM under the adversarial attack. The attack model to the incremental learning algorithm of SVM is proposed. The experimental results show that the accuracy of the incremental learning algorithm of SVM reduces dramatically under the proposed attack.

Li Zou,Xuemei Luo,Yan Zhang,Xiao Yang,Xiangwen Wang

DOI: https://doi.org/10.1109/access.2023.3251354

IF: 3.9

2023-01-01

IEEE Access

Abstract:Network intrusion detection is an important technology in national cyberspace security strategy and has become a research hotspot in various cyberspace security issues in recent years. The development of effective and efficient intelligent network intrusion detection methods using advanced machine learning algorithms is of great importance for defending against various network intrusions in complex network environments. In this study, a network intrusion detection method based on decision tree twin support vector machine and hierarchical clustering, named HC-DTTWSVM, is proposed, which can effectively detect different categories of network intrusion. First, the hierarchical clustering algorithm is applied to construct the decision tree for network traffic data, where the bottom-up merging approach is used to maximize the separation of the upper nodes of the decision tree, which reduces the error accumulation in the construction of the decision tree. Then, twin support vector machines are embedded in the constructed decision tree to implement the network intrusion detection model, which can effectively detect the network intrusion category in a top-down manner. The detection performance of the proposed HC-DTTWSVM method is evaluated on NSL-KDD and UNSW-NB15 intrusion detection benchmark datasets. Experimental results show that HC-DTTWSVM can effectively detect different categories of network intrusion and achieves comparable detection performance compared to some of the recently proposed network intrusion detection methods.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jian-Pei Zhang,Zhong-Wei Li,Jing Yang,Yuan Li

DOI: https://doi.org/10.1007/11539087_151

2005-01-01

Abstract:Support Vector Machine(SVM) has become a popular classification tool but the main disadvantages of SVM are their large memory requirement and computation time to deal with very large datasets. Therefore we prefer to incremental learning algorithms especially when the data available are obtained at different intervals. The key of SVM to incremental training is to assure the final results consists of almost all support vectors. This paper proposes a divisional incremental training algorithm of SVM, considering the possible impact of new training data to history learning results. Training data are divided into smaller sets to decrease the computation complexity and the support vectors are obtained in a crossed way. The experiment results on the real-world test dataset show that the classification accuracy is satisfying, and the efficiency of proposed incremental algorithm is superior to that of batch SVM model.

Shuang-fu HUANG,Xian-fu CHEN

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.03.018

2010-01-01

Abstract:In the study of the intrusion detection,the SVM based active learning algorithm can reduce the sample complexity.Aiming to improve the inferior quality of initial training set resulted from random construction and avoid the propensity to suboptimum in SVM based active learning algorithm,a modified algorithm was proposed.It both incorporates the algorithm of constructing initial training set with kernel-based clustering and the scheme of probabilistic query based on the distance criteria.The experiment result shows that the proposed algorithm needs less samples and is more stable under the same detection performance condition.

S. Gokul Pran,Sivakami Raja,S. Jeyasudha

DOI: https://doi.org/10.1002/acs.3771

IF: 3.369

2024-03-14

International Journal of Adaptive Control and Signal Processing

Abstract:Summary Intrusion detection is a cyber‐security method that is significant for network security. It is utilized to detect behaviors that compromise security and privacy within a network or in the context of a computer system. To enhance the identification, an Intrusion Detection System Based on the Beetle Swarm Optimization and K‐RMS Clustering Algorithm cluster‐based hybrid classifiers is proposed in this manuscript. Here, the data is amassed from CICIDS2017 dataset. Then the data is preprocessed to eradicate the unwanted noise. After completing the preprocessed data, it can be clustered by using K‐RMS clustering algorithm. This algorithm cluster the entire data to the associated cluster set depending on the data behavior. The classification algorithm is considered to predict the data as normal or attacking behaviors. The hybrid classification is used to predict the data. The solitary predictor aims to achieve high detection rates and accuracy. The hybrid classifiers, such as support vector machines, artificial neural networks are applied to recognize the normal or intruder. The performance of the SVM‐ANN‐IDS method attains 22.05%, 15.87%, 27.25% higher accuracy, 23.90% and 28.53% higher precision, 29.29%, 19.19% and 23.27% higher specificity and 18.28%, 24.36% and 27.49% greater recall when compared to the existing models, like developing novel deep‐learning model to improve network intrusion categorization (DNN‐IDS), Intrusion identification scheme on real‐time data traffic under machine learning techniques along feature selection method (RNN‐SVM‐IDS) and recurrent deep learning basis feature fusion ensemble meta‐classifier for intellectual network intrusion identification scheme (RNN‐IDS) respectively.

automation & control systems,engineering, electrical & electronic

Guanghui Song,Xiaogang Jin,Genlang Chen,Yan Nie

DOI: https://doi.org/10.1109/ISKE.2010.5680860

2010-01-01

Abstract:The source data of intrusion detection system (IDS) are characteristic of heavy-flow, high-dimension and nonlinearity. A frequent problem in IDS is the choice of the right features that give rise to compact and concise representations of the network data; the other is how to improve the detection efficiency and accuracy of IDS under the small sample conditions. In order to delete the redundant and noisy features, improve the performance of IDS, we present an efficient IDS based on multiple kernel learning (MKL) method. Kernel methods are the effective approaches to intrusion detection problems. MKL methods combined with support vector machines (SVMs) can overcome some practice difficulties of IDS such as irregular data, non-flat distribution of the samples, etc. Experiments on the KDD Cup (1999) intrusion detection data set show that MKL methods have a higher detection rate and a lower false alarm rate compared to single kernel methods.