Intrusion Detection Using a Hybrid Support Vector Machine Based on Entropy and Tf-idf
Authors
Abstract
The main functions of an Intrusion Detection System (IDS) are to protect computer networks by analyzing and predicting the actions of processes. Though IDS has been developed for many years, the large number of alerts makes the system inefficient. In this paper, we propose a classification method based on Support Vector Machines (SVM) with a weighted voting schema to detect intrusions. First, the entropy and TF-IDF (term frequency and inverse document frequency) features are extracted from processes. Next, entropy and TF-IDF features are sent to the SVM model for learning and testing. Finally, we use a voting schema named Weighted Voting SVM (WV-SVM) to determine whether a process is an intrusion. Our experiments demonstrate improved efficiency.
Similar resources
Application of SVM and ANN for intrusion detection
The popularization of shared networks and Internet usage demands increased attention on information system security, particularly on intrusion detection. Two data mining methodologies—Artificial Neural Networks (ANNs) and Support Vector Machine (SVM) and two encoding methods—simple frequency-based scheme and tf×idf scheme are used to detect potential system intrusions in this study. Our results ...
Anomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing the large amount of network traffic features. Removing un...
Hybrid Approach for Detection of Anomaly Network Traffic using Data Mining Techniques
Anomaly based Intrusion Detection System (IDS) is gaining popularity due to its adaptability to the changes in the behavior of network traffic as it has the ability to detect the new attacks. It is very difficult to set any predefined rule for correctly identifying attack traffic, since there is no major difference between normal and attack traffic. In this paper, Anomaly traffic detection sy...
A Text Mining-based Anomaly Detection Model in Network Security
Anomaly detection systems are extensively used security tools to detect cyber-threats and attack activities in computer systems and networks. In this paper, we present Text Mining-Based Anomaly Detection (TMAD) model. We discuss n-gram text categorization and focus our attention on a main contribution of method TF-IDF (Term frequency, inverse document frequency), which enhance the performance c...
A Novel Hybrid Approach for Intrusion Detection in Computer Networks Using Computational Intelligence Algorithms
In this paper, a novel hybrid method is proposed for intrusion detection in computer networks using combination of misuse-based and anomaly-based detection models with the aim of performance improvement. In the proposed hybrid approach, a set of algorithms and models is employed. The selection of input features is performed using shuffled frog-leaping (SFL) algorithm. The misuse detection modul...