SVM Approach with a Genetic Algorithm for Network Intrusion Detection

  • Conference paper
Computer and Information Sciences - ISCIS 2005 (ISCIS 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3733)

Abstract

Due to the increase in unauthorized access and stealing of internet resources, internet security has become a very significant issue. Network anomalies in particular can cause many potential problems, but it is difficult to discern these from normal traffic. In this paper, we focus on a Support Vector Machine (SVM) and a genetic algorithm to detect network anomalous attacks. We first use a genetic algorithm (GA) for choosing proper fields of traffic packets for analysis. Only the selected fields are used, and a time delay processing is applied to SVM for considering temporal relationships among packets. In order to verify our approach, we tested our proposal with the datasets of MIT Lincoln Lab, and then analyzed its performance. Our SVM approach with selected fields showed excellent performance.

This work was supported by the Ministry of Information Communications, Korea, under the Information Technology Research Center Support Program supervised by the IITA.


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shon, T., Seo, J., Moon, J. (2005). SVM Approach with a Genetic Algorithm for Network Intrusion Detection. In: Yolum, P., Güngör, T., Gürgen, F., Özturan, C. (eds) Computer and Information Sciences - ISCIS 2005. ISCIS 2005. Lecture Notes in Computer Science, vol 3733. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11569596_25

  • DOI: https://doi.org/10.1007/11569596_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29414-6

  • Online ISBN: 978-3-540-32085-2

  • eBook Packages: Computer Science, Computer Science (R0)
