Abstract
A new method called RS-MSVM (Rough Set and Multi-class Support Vector Machine) is proposed for network intrusion detection. This method is based on rough set followed by MSVM for attribute reduction and classification respectively. The number of attributes of the network data used in this paper is reduced from 41 to 30 using rough set theory. The kernel function of HVDM-RBF (Heterogeneous Value Difference Metric Radial Basis Function), based on the heterogeneous value difference metric of heterogeneous datasets, is constructed for the heterogeneous network data. HVDM-RBF and one-against-one method are applied to build MSVM. DARPA (Defense Advanced Research Projects Agency) intrusion detection evaluating data were used in the experiment. The testing results show that our method outperforms other methods mentioned in this paper on six aspects: detection accuracy, number of support vectors, false positive rate, false negative rate, training time and testing time.
Similar content being viewed by others
References
D. E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, 13(1987)2, 222–232.
Z. Pawlak. Rough sets. International Journal of Computer and Information Sciences, 11(1982)5, 341–356.
V. N. Vapnik. The Nature of Statistical Learning Theory. New York, Springer-Verlag, 1995, ch.1.
Chih-Wei Hsu, Chih-Jen Lin. A comparison of methods for multi-class support vector machines. IEEE Trans. on Neural Networks, 13(2002)2, 110–119.
D. Randall Wilson, Tony R. Martinez. Improved heterogeneous distance functions. Journal of Artificial Intelligence Research, 6(1997), 1–34.
Qinghua Zheng, Hui Li, Yun Xiao. A classified method based on support vector machine for grid computing intrusion detection. International Conference on Grid and Cooperative Computing, Wuhan, 2004, 875–878.
http://kdd.ics.uci.edu/datasets/kddcup99/kddcup.html, 2003-09-21.
Wenke Lee, S. J. Stolfo, K. W. Mok. A data mining framework for building intrusion detection models. Proceedings of the 1999 IEEE Symposium on Security and Privacy, Berkeley, California, 1999, 120–132.
http://www.idi.ntnu.no/:_aleks/rosetta/, 2003-11-12.
Tarun Ambwani. Multi class support vector machine implementation to intrusion detection. Proceedings of the 2003 IEEE International Joint Conference on Neural Networks, Portland, Oregon, 2003, 2300–2305.
http://www.csie.ntu.edu.tw/:_cjlin/libsvm, 2003-12-04.
Author information
Authors and Affiliations
Corresponding author
Additional information
Supported by the 863 High Tech. Project (2001AA140213) and the State Key Basic Research Project (2001CB309403).
About this article
Cite this article
Xiao, Y., Han, C., Zheng, Q. et al. Network intrusion detection method based on RS-MSVM. J. of Electron.(China) 23, 901–905 (2006). https://doi.org/10.1007/s11767-005-0078-x
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/s11767-005-0078-x