Intrusion Detection Model with Twin Support Vector Machines

doi:10.1007/s12204-014-1524-4

摘要/Abstract

摘要： Intrusion detection system (IDS) is becoming a critical component of network security. However, the performance of many proposed intelligent intrusion detection models is still not competent to be applied to real network security. This paper aims to explore a novel and effective approach to significantly improve the performance of IDS. An intrusion detection model with twin support vector machines (TWSVMs) is proposed. In this model, an efficient algorithm is also proposed to determine the parameter of TWSVMs. The performance of the proposed intrusion detection model is evaluated with KDD’99 dataset and is compared with those of some recent intrusion detection models. The results demonstrate that the proposed intrusion detection model achieves remarkable improvement in intrusion detection rate and more balanced performance on each type of attacks. Moreover, TWSVMs consume much less training time than standard support vector machines (SVMs).

关键词: network security, twin support vector machine (TWSVM), parameter determination

Abstract: Intrusion detection system (IDS) is becoming a critical component of network security. However, the performance of many proposed intelligent intrusion detection models is still not competent to be applied to real network security. This paper aims to explore a novel and effective approach to significantly improve the performance of IDS. An intrusion detection model with twin support vector machines (TWSVMs) is proposed. In this model, an efficient algorithm is also proposed to determine the parameter of TWSVMs. The performance of the proposed intrusion detection model is evaluated with KDD’99 dataset and is compared with those of some recent intrusion detection models. The results demonstrate that the proposed intrusion detection model achieves remarkable improvement in intrusion detection rate and more balanced performance on each type of attacks. Moreover, TWSVMs consume much less training time than standard support vector machines (SVMs).

Key words: network security, twin support vector machine (TWSVM), parameter determination

中图分类号:

TP 309.2

HE Jun* (何俊), ZHENG Shi-hui (郑世慧). Intrusion Detection Model with Twin Support Vector Machines[J]. 上海交通大学学报（英文版）, 2014, 19(4): 448-454.

HE Jun* (何俊), ZHENG Shi-hui (郑世慧). Intrusion Detection Model with Twin Support Vector Machines[J]. Journal of shanghai Jiaotong University (Science), 2014, 19(4): 448-454.

参考文献

[1] Sperotto A, Schaffrath G, Sadre R, et al. An overview of IP flow-based intrusion detection [J]. IEEE Communications Surveys & Tutorials, 2010, 12(3):343-356.
[2] Li P, Salour M, Su X. A survey of Internet worm detection and containment [J]. IEEE Communications Surveys & Tutorials, 2008, 10(1): 20-35.
[3] Zhang J, Zulkernine M, Haque A. Randomforests-based network intrusion detection systems [J].IEEE Transactions on System, Man, and Cybernetics.Part C: Applications and Reviews, 2008, 38(5): 649-659.
[4] Lee W, Stolfo S J, Mok K W. A data mining framework for building intrusion detection models[C]//Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, USA: IEEE, 1999: 120-132.
[5] Koc L, Mazzuchi T A, Sarkani S. A network intrusion detection system based on a hidden Na¨?ve bayes multiclass classifier [J]. Expert Systems with Applications,2012, 39(18): 13492-13500.
[6] Wang G, Hao J, Ma J, et al. A new approach to intrusion detection using artificial neural networks and fuzzy clustering [J]. Expert Systems with Applications,2010, 37(9): 6225-6232.
[7] Shon T, Kovah X, Moon J. Applying genetic algorithm for classifying anomalous TCP/IP packets [J].Neurocomputing, 2006, 69(16-18): 2429-2433.
[8] Tsai C F, Lin C Y. A triangle area based nearest neighbors approach to intrusion detection [J]. Pattern Recognition, 2010, 43(1): 222-229.
[9] Lin S W, Ying K C, Lee C Y, et al. An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection [J]. Applied Soft Computing, 2012, 12(10): 3285-3290.
[10] Nie W, He D. A probability approach to anomaly detection with twin support vector machines [J]. Journals of Shanghai Jiaotong University (Science), 2010,15(4): 385-391.
[11] Jayadeva, Khemchandani R, Chandra S. Twin support vector machines for pattern classification [J].IEEE Transactions on Pattern Analysis and Machine Intelligence, 2007, 29(5): 905-910.
[12] Mangasarian O L. Nonlinear programming [M].Philadelphia, USA: SIAM, 1994: 131-145.
[13] Kramer K A, Hall L O, Goldgof D B, et al. Fast support vector machines for continuous data [J]. IEEE Transactions on System, Man, and Cybernetics. Part B: Cybernetics, 2009, 39(4): 989-1001.
[14] Lin S W, Lee Z J, Chen S C, et al. Parameter determination of support vector machines and feature selection using simulated annealing approach [J]. Applied Soft Computing, 2008, 8(4): 1505-1512.
[15] Sch¨olkopf B, Smola A J. Learning with kernels:Support vector machines, regularization, optimization and beyond [M]. London, England: MIT Press, 2001:25-60.
[16] UCI Knowledge Discovery in Databases Archive. KDD cup’99 data set [EB/OL]. (1999-10-28) [2013-02-25].http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[17] Sung A H, Mukkamala S. Identifying important features for intrusion detection using support vector machines and neural networks [C]// Proceedings of the 2003 Symposium on Applications and the Internet (SAINT’03). Orlando, USA: IEEE, 2003: 209-216.
[18] Sheikhan M, Jadidi Z, Farrokhi A. Intrusion detection using reduced-size RNN based on feature grouping [J]. Neural Computing & Applications, 2012, 21(6):1185-1190.
[19] Peng X. Building sparse twin support vector machine classifiers in primal space [J]. Information Sciences,2011, 181(18): 3967-3980.