Biased Support Vector Machines and Kernel Methods for Intrusion Detection
Abstract
This paper describes results concerning the robustness and generalization capabilities of kernel methods in detecting intrusions using network audit trails. We use traditional support vector machines (SVM), biased support vector machine (BSVM) and leave-one-out model selection for support vector machines (looms) for model selection. We also evaluate the impact of kernel type and parameter values on the accuracy of a support vector machine (SVM) performing intrusion classification. Through a variety of comparative experiments, it is found that SVM performs the best for detecting Normal and User to Super User, BSVM performs the best for Denial of Service attacks, and looms based on BSVM performs the best for Probe and Remote to Local. We show that classification accuracy varies with the kernel type and the parameter values; thus, with appropriately chosen parameter values, intrusions can be detected by SVMs with higher accuracy and lower rates of false alarms.
Similar resources
Anomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing the large amount of network traffic features. Removing un...
Intrusion Detection in IOT based Networks Using Double Discriminant Analysis
Intrusion detection is one of the main challenges in wireless systems especially in Internet of things (IOT) based networks. There are various attack types such as probe, denial of service, remote to local and user to root. In addition to known attacks and malicious behaviors, there are various unknown attacks that some of them have similar behavior with respect to each other or mimic the norma...
Intrusion Detection Using a New Particle Swarm Method and Support Vector Machines
Intrusion detection is a mechanism used to protect a system and analyse and predict the behaviours of system users. An ideal intrusion detection system is hard to achieve due to nonlinearity, and irrelevant or redundant features. This study introduces a new anomaly-based intrusion detection model. The suggested model is based on particle swarm optimisation and nonlinear, multi-class and multi-k...
Remote Sensing and Land Use Extraction for Kernel Functions Analysis by Support Vector Machines with ASTER Multispectral Imagery
Land use is being considered as an element in determining land change studies, environmental planning and natural resource applications. Studying the Earth’s surface by remote sensing has many benefits, such as continuous acquisition of data, broad regional coverage, cost-effective data, map-accurate data, and large archives of historical data. To study land use / cover, remote sensing as an effic...
Intrusion Detection Using the Support Vector Machine Enhanced with a Feature-weight Kernel
With the popularization of the Internet and local networks, malicious attacks and intrusion events to computer systems are growing. The design and implementation of intrusion detection systems are becoming extremely important in helping to maintain proper network security. Support Vector Machines (SVM) as a classic pattern recognition tool, have been widely used in intrusion detection. However,...