Model Selection for Kernel Based Intrusion Detection Systems

  • Srinvas Mukkamala
  • A. H. Sung
  • B. M. Ribeiro


This paper describes results concerning the robustness and generalization capabilities of a supervised machine learning method in detecting intrusions using network audit trails. We also evaluate the impact of kernel type and parameter values on the accuracy with which a support vector machine (SVM) performs intrusion classification. We show that classification accuracy varies with the kernel type and the parameter values; thus, with appropriately chosen parameter values, intrusions can be detected by SVMs with higher accuracy and lower rates of false alarms.

Feature selection is as important for intrusion detection as it is for many other problems. We present a support vector decision feature selection method for intrusion detection. We demonstrate that, with appropriately chosen features, intrusions can be detected in real time or near real time.


Keywords: Support Vector Machine; Receiver Operating Characteristic Curve; False Alarm Rate; Intrusion Detection; Support Vector Machine Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag/Wien 2005

Authors and Affiliations

  • Srinvas Mukkamala (1)
  • A. H. Sung (1)
  • B. M. Ribeiro (2)

  1. Department of Computer Science, New Mexico Tech, Socorro, USA
  2. Department of Informatics Engineering, University of Coimbra, Portugal
