Abstract
Intrusion detection system (IDS) is becoming a critical component of network security. However, the performance of many proposed intelligent intrusion detection models is still not competent to be applied to real network security. This paper aims to explore a novel and effective approach to significantly improve the performance of IDS. An intrusion detection model with twin support vector machines (TWSVMs) is proposed. In this model, an efficient algorithm is also proposed to determine the parameter of TWSVMs. The performance of the proposed intrusion detection model is evaluated with KDD’99 dataset and is compared with those of some recent intrusion detection models. The results demonstrate that the proposed intrusion detection model achieves remarkable improvement in intrusion detection rate and more balanced performance on each type of attacks. Moreover, TWSVMs consume much less training time than standard support vector machines (SVMs).
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Sperotto A, Schaffrath G, Sadre R, et al. An overview of IP flow-based intrusion detection [J]. IEEE Communications Surveys & Tutorials, 2010, 12(3): 343–356.
Li P, Salour M, Su X. A survey of Internet worm detection and containment [J]. IEEE Communications Surveys & Tutorials, 2008, 10(1): 20–35.
Zhang J, Zulkernine M, Haque A. Randomforests-based network intrusion detection systems [J]. IEEE Transactions on System, Man, and Cybernetics. Part C: Applications and Reviews, 2008, 38(5): 649–659.
Lee W, Stolfo S J, Mok K W. A data mining framework for building intrusion detection models [C]//Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, USA: IEEE, 1999: 120–132.
Koc L, Mazzuchi T A, Sarkani S. A network intrusion detection system based on a hidden Naïve bayes multiclass classifier [J]. Expert Systems with Applications, 2012, 39(18): 13492–13500.
Wang G, Hao J, Ma J, et al. A new approach to intrusion detection using artificial neural networks and fuzzy clustering [J]. Expert Systems with Applications, 2010, 37(9): 6225–6232.
Shon T, Kovah X, Moon J. Applying genetic algorithm for classifying anomalous TCP/IP packets [J]. Neurocomputing, 2006, 69(16–18): 2429–2433.
Tsai C F, Lin C Y. A triangle area based nearest neighbors approach to intrusion detection [J]. Pattern Recognition, 2010, 43(1): 222–229.
Lin S W, Ying K C, Lee C Y, et al. An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection [J]. Applied Soft Computing, 2012, 12(10): 3285–3290.
Nie W, He D. A probability approach to anomaly detection with twin support vector machines [J]. Journals of Shanghai Jiaotong University (Science), 2010, 15(4): 385–391.
Jayadeva, Khemchandani R, Chandra S. Twin support vector machines for pattern classification [J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2007, 29(5): 905–910.
Mangasarian O L. Nonlinear programming [M]. Philadelphia, USA: SIAM, 1994: 131–145.
Kramer K A, Hall L O, Goldgof D B, et al. Fast support vector machines for continuous data [J]. IEEE Transactions on System, Man, and Cybernetics. Part B: Cybernetics, 2009, 39(4): 989–1001.
Lin S W, Lee Z J, Chen S C, et al. Parameter determination of support vector machines and feature selection using simulated annealing approach [J]. Applied Soft Computing, 2008, 8(4): 1505–1512.
Schölkopf B, Smola A J. Learning with kernels: Support vector machines, regularization, optimization and beyond [M]. London, England: MIT Press, 2001: 25–60.
UCI Knowledge Discovery in Databases Archive. KDD cup’99 data set [EB/OL]. (1999-10-28) [2013-02-25]. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
Sung A H, Mukkamala S. Identifying important features for intrusion detection using support vector machines and neural networks [C]//Proceedings of the 2003 Symposium on Applications and the Internet (SAINT’03). Orlando, USA: IEEE, 2003: 209–216.
Sheikhan M, Jadidi Z, Farrokhi A. Intrusion detection using reduced-size RNN based on feature grouping [J]. Neural Computing & Applications, 2012, 21(6): 1185–1190.
Peng X. Building sparse twin support vector machine classifiers in primal space [J]. Information Sciences, 2011, 181(18): 3967–3980.
Author information
Authors and Affiliations
Corresponding author
Additional information
Foundation item: the National Natural Science Foundation of China (Nos. 61202082 and 61003285), and the Fundamental Research Funds for the Central Universities of China (Nos. BUPT2012RC0219 and BUPT2012RC0218)
Rights and permissions
About this article
Cite this article
He, J., Zheng, Sh. Intrusion detection model with twin support vector machines. J. Shanghai Jiaotong Univ. (Sci.) 19, 448–454 (2014). https://doi.org/10.1007/s12204-014-1524-4
Received:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12204-014-1524-4