An Adaptive Network Intrusion Detection Method Based on PCA and Support Vector Machines

  • Xin Xu
  • Xuening Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3584)


Network intrusion detection is an important technique in computer security. However, the performance of existing intrusion detection systems (IDSs) is unsatisfactory, since new attacks are constantly being developed and the speed and volume of network traffic are increasing rapidly. To improve the performance of IDSs in both accuracy and speed, this paper proposes a novel adaptive intrusion detection method based on principal component analysis (PCA) and support vector machines (SVMs). PCA is used to significantly reduce the dimension of the network data patterns. Multi-class SVMs are then employed to construct classification models from the training data processed by PCA. Owing to the generalization ability of SVMs, the proposed method has good classification performance without tedious parameter tuning. Dimension reduction using PCA may improve accuracy further. The method is also superior to SVMs without PCA in training and detection speed. Experimental results on KDD-Cup99 intrusion detection data illustrate the effectiveness of the proposed method.


Support Vector Machine; Intrusion Detection; Anomaly Detection; Intrusion Detection System; Structural Risk Minimization Principle
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Xin Xu (1, 2)
  • Xuening Wang (2)

  1. School of Computer, National University of Defense Technology, Changsha, P.R. China
  2. Institute of Automation, National University of Defense Technology, Changsha, P.R. China
