Comparison Between SVM and Back Propagation Neural Network in Building IDS

  • Nguyen Dai Hai
  • Nguyen Linh Giang
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 240)


Recently, applying the novel data mining techniques for anomaly detection-an element in Intrusion Detection System has received much research alternation. Support Vector Machine (SVM) and Back Propagation Neural (BPN) network has been applied successfully in many areas with excellent generalization results, such as rule extraction, classification and evaluation. In this paper, we use an approach that is entropy based analysis method to characterize some common types of attack like scanning attack. A model based on SVM with Gaussian RBF kernel is also proposed here for building anomaly detection system. BPN network is considered one of the simplest and most general methods used for supervised training of multilayered neural network. The comparative results show that with attack scenarios that we create and through the differences between the performance measures, we found that SVM gives higher precision and lower error rate than BPN method.


Back propagation neural network Denial of service Entropy RBF kernel Support Vector Machine 


  1. 1.
    Nychis G, Sekar V, Andersen DG, Kim H, Zhang H (2008) An empirical evaluation of entropy-based traffic anomaly detection. In: Proceedings of the 8th ACM SIGCOMM conference on internet measurementGoogle Scholar
  2. 2.
    Yuan, SF, Chu FL (2006) Support vector machine based on fault diagnosis for turbo-pump rotor. Mech Syst Signal Process 20:939–952 Google Scholar
  3. 3.
    Ben-Hur A, Weston J (2010) A user’s guide to support vector machines. Methods Mol Biol 609:223–239Google Scholar
  4. 4.
    The bzip2 and libbzip2 official home page.
  5. 5.
    The gzip home page.
  6. 6.
  7. 7.
    Randall SS, Dorsey RE (2000) Reliable classification using neural networks: a genetic algorithm and back propagation comparison. Decis Support Syst 30:11–22CrossRefGoogle Scholar
  8. 8.
  9. 9.
    Liao Y, Vermuri VR (2002) Use of k-nearest neighbor classifier for intrusion detection. Comput Secur 21:439–448CrossRefGoogle Scholar
  10. 10.
    Chang CC, Lin CJ (2009) LIBSVM: a library for support vector machines. Software available at 18 Nov 2009
  11. 11.
    Fausett L (1994) Fundamentals of neural networks: architectures, algorithms and applications. Prentice-Hall, New JerseyGoogle Scholar

Copyright information

© Springer Science+Business Media Dordrecht(Outside the USA) 2013

Authors and Affiliations

  1. 1.School of Information and Communication TechnologyHanoi University of Science and TechnologyHanoiVietnam
  2. 2.Department of Communication and Computer NetworksHanoi University of Science and TechnologyHanoiVietnam

Personalised recommendations