Intrusion detection system (IDS) is becoming a critical component of network security. However,
the performance of many proposed intelligent intrusion detection models is still not competent to be applied to
real network security. This paper aims to explore a novel and effective approach to significantly improve the
performance of IDS. An intrusion detection model with twin support vector machines (TWSVMs) is proposed.
In this model, an efficient algorithm is also proposed to determine the parameter of TWSVMs. The performance
of the proposed intrusion detection model is evaluated with KDD’99 dataset and is compared with those of some
recent intrusion detection models. The results demonstrate that the proposed intrusion detection model achieves
remarkable improvement in intrusion detection rate and more balanced performance on each type of attacks.
Moreover, TWSVMs consume much less training time than standard support vector machines (SVMs).
HE Jun* (何俊), ZHENG Shi-hui (郑世慧)
. Intrusion Detection Model with Twin Support Vector Machines[J]. Journal of Shanghai Jiaotong University(Science), 2014
, 19(4)
: 448
-454
.
DOI: 10.1007/s12204-014-1524-4
[1] Sperotto A, Schaffrath G, Sadre R, et al. An overview of IP flow-based intrusion detection [J]. IEEE Communications Surveys & Tutorials, 2010, 12(3):343-356.
[2] Li P, Salour M, Su X. A survey of Internet worm detection and containment [J]. IEEE Communications Surveys & Tutorials, 2008, 10(1): 20-35.
[3] Zhang J, Zulkernine M, Haque A. Randomforests-based network intrusion detection systems [J].IEEE Transactions on System, Man, and Cybernetics.Part C: Applications and Reviews, 2008, 38(5): 649-659.
[4] Lee W, Stolfo S J, Mok K W. A data mining framework for building intrusion detection models[C]//Proceedings of the 1999 IEEE Symposium on Security and Privacy. Oakland, USA: IEEE, 1999: 120-132.
[5] Koc L, Mazzuchi T A, Sarkani S. A network intrusion detection system based on a hidden Na¨?ve bayes multiclass classifier [J]. Expert Systems with Applications,2012, 39(18): 13492-13500.
[6] Wang G, Hao J, Ma J, et al. A new approach to intrusion detection using artificial neural networks and fuzzy clustering [J]. Expert Systems with Applications,2010, 37(9): 6225-6232.
[7] Shon T, Kovah X, Moon J. Applying genetic algorithm for classifying anomalous TCP/IP packets [J].Neurocomputing, 2006, 69(16-18): 2429-2433.
[8] Tsai C F, Lin C Y. A triangle area based nearest neighbors approach to intrusion detection [J]. Pattern Recognition, 2010, 43(1): 222-229.
[9] Lin S W, Ying K C, Lee C Y, et al. An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection [J]. Applied Soft Computing, 2012, 12(10): 3285-3290.
[10] Nie W, He D. A probability approach to anomaly detection with twin support vector machines [J]. Journals of Shanghai Jiaotong University (Science), 2010,15(4): 385-391.
[11] Jayadeva, Khemchandani R, Chandra S. Twin support vector machines for pattern classification [J].IEEE Transactions on Pattern Analysis and Machine Intelligence, 2007, 29(5): 905-910.
[12] Mangasarian O L. Nonlinear programming [M].Philadelphia, USA: SIAM, 1994: 131-145.
[13] Kramer K A, Hall L O, Goldgof D B, et al. Fast support vector machines for continuous data [J]. IEEE Transactions on System, Man, and Cybernetics. Part B: Cybernetics, 2009, 39(4): 989-1001.
[14] Lin S W, Lee Z J, Chen S C, et al. Parameter determination of support vector machines and feature selection using simulated annealing approach [J]. Applied Soft Computing, 2008, 8(4): 1505-1512.
[15] Sch¨olkopf B, Smola A J. Learning with kernels:Support vector machines, regularization, optimization and beyond [M]. London, England: MIT Press, 2001:25-60.
[16] UCI Knowledge Discovery in Databases Archive. KDD cup’99 data set [EB/OL]. (1999-10-28) [2013-02-25].http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[17] Sung A H, Mukkamala S. Identifying important features for intrusion detection using support vector machines and neural networks [C]// Proceedings of the 2003 Symposium on Applications and the Internet (SAINT’03). Orlando, USA: IEEE, 2003: 209-216.
[18] Sheikhan M, Jadidi Z, Farrokhi A. Intrusion detection using reduced-size RNN based on feature grouping [J]. Neural Computing & Applications, 2012, 21(6):1185-1190.
[19] Peng X. Building sparse twin support vector machine classifiers in primal space [J]. Information Sciences,2011, 181(18): 3967-3980.
