Network Anomaly Classification by Support Vector Classifiers Ensemble and Non-linear Projection Techniques

  • Eduardo de la Hoz
  • Andrés Ortiz
  • Julio Ortega
  • Emiro de la Hoz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8073)


Network anomaly detection is currently a challenge due to the number of different attacks and the number of potential attackers. Intrusion detection systems aim to detect misuses or network anomalies in order to block ports or connections, whereas firewalls act according to a predefined set of rules. However, detecting the specific anomaly provides valuable information about the attacker that may be used to further protect the system, or to react accordingly. This way, detecting network intrusions is a current challenge due to growth of the Internet and the number of potential intruders. In this paper we present an intrusion detection technique using an ensemble of support vector classifiers and dimensionality reduction techniques to generate a set of discriminant features. The results obtained using the NSL-KDD dataset outperforms previously obtained classification rates.


Feature Selection Intrusion Detection Anomaly Detection Intrusion Detection System Attack Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chandola, V., Banerjee, A., Kumar, V.: Anomaly detection: a survey. ACM Computing Surveys 41(3) (2009)Google Scholar
  2. 2.
    Hoffman, A., Schimitz, C., Sick, B.: Intrussion detection in computer networks with neural and fuzzy classifiers. In: Kaynak, O., Alpaydın, E., Oja, E., Xu, L. (eds.) ICANN 2003 and ICONIP 2003. LNCS, vol. 2714, pp. 316–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Network Security Lab - Knowledge Discovery and Data Mining (NSL-KDD) (2007),
  4. 4.
    Tavallaee, M., Stakhanova, N., Ghorbani, A.: Toward credible evaluation of anomaly-based intrusion-detection methods. Trans. Sys. Man Cyber Part C 40, 516–524 (2010)CrossRefGoogle Scholar
  5. 5.
    Kayacik, H., Zincir-Heywood, A., Heywood, M.: A hierarchical som-based intrusion detection system. Journal Engineering Applications of Artificial Intelligence 20(4), 439–451 (2007)CrossRefGoogle Scholar
  6. 6.
    Eskin, E., Arnold, A., Prerau, M., Portnoy, L., Stolfo, S.: A geometric framework for unsupervised anomaly detection: Detecting intrusions in unlabeled data. In: Applications of Data Mining in Computer Security. Kluwer (2002)Google Scholar
  7. 7.
    Theodoridis, S., Koutroumbas, K.: Pattern Recognition. Academic Press (2009)Google Scholar
  8. 8.
    Müller, K., Mika, S., Ratsch, G., Tsuda, B., Schölkopf, B.: An introduction to kernel-based learning algorithms. IEEE Transactions on Neural Networks 12(2), 181–201 (2003)CrossRefGoogle Scholar
  9. 9.
    Tenenbaum, J., de Silva, V., Langford, J.: A global geometric framework for nonlinear dimensionality reduction. Science 290, 2319–2323 (2000)CrossRefGoogle Scholar
  10. 10.
    Turk, M., Pentland, A.: Eigenfaces for recognition. Journal of Cognitive Neuroscience 3(1), 71–86 (1992)CrossRefGoogle Scholar
  11. 11.
    Vapnik, V.N.: Statistical Learning Theory. Wiley-Interscience (1998)Google Scholar
  12. 12.
    Bottou, L., Cortes, C., Denker, J., Drucker, H., Guyon, I., Jackel, L., LeCun, Y., Muller, U., Sackinger, E., Simard, P., Vapnik, V.: Comparison of classifier methods: A case study in handwriting digit recognition. In: Proc. International Conference on Pattern Recognition, pp. 77–87 (1994)Google Scholar
  13. 13.
    Bredensteiner, E., Bennett, K.: Multicategory classification by support vector machines. Computational Optimization and Applications 12(1-3), 53–79 (1999)MathSciNetzbMATHCrossRefGoogle Scholar
  14. 14.
    Lippmann, R., Fried, D., Graf, I., Haines, J., Kendball, K., McClung, D., Weber, D., Webster, S., Wyschgrod, D., Cuningham, R., Zissman, M.: Evaluating intrusion detection systems: the 1998 darpa off-line intrusion detection evaluation. Descex 2, 1012–1027 (2000)Google Scholar
  15. 15.
    McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 darpa instrusion detection systems evaluation as performed by lyncoln laboratory. ACM Transactions on Information and Systems Security 3(4), 262–294 (2000)CrossRefGoogle Scholar
  16. 16.
    Panda, M., Abraham, A., Abraham, M.: Discriminative multinomial naïve bayes for network intrusion detection. In: 6th Conference on Information Assurance and Security, IAS (2010)Google Scholar
  17. 17.
    Nziga, J.: Minimal dataset for network intrusion detection systems via dimensionality reduction. In: 6th International Conference on Digital Information Management, ICDIM (2011)Google Scholar
  18. 18.
    Tavallaee, M., Bagheri, E., Wei, L., Ghorbani, A.: A detailed analysis of the kddcup 1999 dataset. In: Proceedings of the IEEE International Symposium on Computational Intelligence in Security and Defense Applications CISDA (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Eduardo de la Hoz
    • 1
    • 3
  • Andrés Ortiz
    • 2
  • Julio Ortega
    • 1
  • Emiro de la Hoz
    • 1
    • 3
  1. 1.Computer Architecture and Technology DepartmentCITIC University of GranadaGranadaSpain
  2. 2.Department of Communications EngineeringUniversity of MálagaMálagaSpain
  3. 3.Systems Engineering ProgramUniversidad de la CostaBarranquillaColombia

Personalised recommendations