An Adaptive Network Intrusion Detection Method Based on PCA and Support Vector Machines
Network intrusion detection is an important technique in computer security. However, the performance of existing intrusion detection systems (IDSs) is unsatisfactory, since new attacks are constantly being developed and network traffic volumes are growing fast. To improve the performance of IDSs in both accuracy and speed, this paper proposes a novel adaptive intrusion detection method based on principal component analysis (PCA) and support vector machines (SVMs). PCA is used to reduce the dimension of network data patterns significantly. Multi-class SVMs are then employed to construct classification models from the training data processed by PCA. Owing to the generalization ability of SVMs, the proposed method has good classification performance without tedious parameter tuning. Dimension reduction using PCA may improve accuracy further. The method is also faster than SVMs without PCA in both training and detection. Experimental results on the KDD-Cup99 intrusion detection data illustrate the effectiveness of the proposed method.
Keywords: Support Vector Machine; Intrusion Detection; Anomaly Detection; Intrusion Detection System; Structural Risk Minimization Principle