
Network Based Anomaly Intrusion Detection System Using SVM


Affiliations
1 Department of CSE, Jeppiaar Engineering College, Tamil Nadu – 600 119
2 Department of CSE, RMK Engineering College, Tamil Nadu – 601 206
 

The security and integrity of a computer system are compromised when an intrusion occurs. When network-based attacks deliberately occupy or sabotage network resources and services, legitimate users can no longer access those services. Our proposed method is a scalable detection method for network-based anomalies. We use Support Vector Machines (SVM) for classification. This paper presents a method for reducing the training time of SVM, particularly on large data sets, using a hierarchical clustering technique. We use the Dynamically Growing Self-Organizing Tree (DGSOT) algorithm for clustering because it has been shown to overcome the problems of traditional hierarchical clustering algorithms (e.g., hierarchical agglomerative clustering). Clustering analysis helps to find the boundary points between any two classes, which are the data points best qualified to train the SVM. We present a new approach combining SVM and DGSOT: it begins with an initial training set and expands it gradually using the clustering structure produced by the DGSOT algorithm. We show that our proposed variations contribute significantly to improving the training process of SVM while keeping a high detection accuracy.
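The following Python sketch is an added illustration of the training-set expansion idea described in the abstract; it is not the authors' code and does not implement DGSOT itself. It assumes plain k-means as a stand-in for one level of the clustering tree, a linear soft-margin SVM fitted by stochastic subgradient descent in place of a kernel SVM, a constructed two-dimensional data set (two Gaussian blobs labelled normal and anomalous), and a margin tolerance `tol` that decides which cluster representatives count as boundary points. Training starts on the cluster centroids only; each round, centroids that fall on or inside the margin are replaced by the raw points beneath them and the SVM is retrained, so clusters far from the decision boundary never contribute more than one point.

```python
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def make_data(rng, n_per_class=200):
    """Constructed 2-D feature vectors standing in for scaled connection
    statistics: +1 = normal traffic, -1 = anomalous traffic (synthetic)."""
    normal = [[rng.gauss(0.0, 0.7), rng.gauss(0.0, 0.7)] for _ in range(n_per_class)]
    attack = [[rng.gauss(4.0, 0.7), rng.gauss(4.0, 0.7)] for _ in range(n_per_class)]
    return normal + attack, [1] * n_per_class + [-1] * n_per_class

def kmeans(points, k, rng, iters=25):
    """Plain k-means: an assumed stand-in for one level of the DGSOT tree.
    Returns (centroid, member points) pairs for the non-empty clusters."""
    centroids = [p[:] for p in rng.sample(points, k)]
    members = [[] for _ in range(k)]
    for _ in range(iters):
        members = [[] for _ in range(k)]
        for p in points:
            j = min(range(k), key=lambda c: math.dist(p, centroids[c]))
            members[j].append(p)
        for c in range(k):
            if members[c]:
                centroids[c] = [sum(p[d] for p in members[c]) / len(members[c]) for d in range(2)]
    return [(centroids[c], members[c]) for c in range(k) if members[c]]

def build_tree(points, labels, k, rng):
    """Cluster each class separately; every node carries the class label,
    a representative (the centroid) and the raw points below it."""
    nodes = []
    for cls in (1, -1):
        pts = [p for p, y in zip(points, labels) if y == cls]
        for centroid, mem in kmeans(pts, k, rng):
            nodes.append({"x": centroid, "y": cls, "children": mem})
    return nodes

def train_linear_svm(xs, ys, rng, lam=0.01, eta=0.05, epochs=300):
    """Linear soft-margin SVM fitted by stochastic subgradient descent on the
    primal objective lam/2 * ||w||^2 + mean hinge loss. The bias is folded
    into w through an appended constant feature (so it is lightly regularised)."""
    w = [0.0, 0.0, 0.0]
    for _ in range(epochs):
        order = list(range(len(xs)))
        rng.shuffle(order)
        for i in order:
            x = xs[i] + [1.0]
            grad = [lam * wj for wj in w]
            if ys[i] * dot(w, x) < 1.0:  # inside the margin: hinge loss is active
                grad = [g - ys[i] * xj for g, xj in zip(grad, x)]
            w = [wj - eta * g for wj, g in zip(w, grad)]
    return w

def margin(w, x, y):
    """Signed functional margin y * (w . x + b); below 1 means on or inside the margin."""
    return y * dot(w, x + [1.0])

def train_with_cluster_expansion(nodes, rng, tol=0.5, max_rounds=5):
    """Train on cluster representatives first, then replace every representative
    that lies on or inside the (tolerance-widened) margin by its member points,
    retrain, and stop when no cluster near the boundary is left to open."""
    training = [dict(n) for n in nodes]
    rounds = 0
    while True:
        rounds += 1
        w = train_linear_svm([t["x"] for t in training], [t["y"] for t in training], rng)
        boundary = {id(t) for t in training
                    if t["children"] and margin(w, t["x"], t["y"]) < 1.0 + tol}
        if not boundary or rounds >= max_rounds:
            return w, training, rounds
        expanded = []
        for t in training:
            if id(t) in boundary:  # open the cluster: its raw points replace the centroid
                expanded.extend({"x": p, "y": t["y"], "children": []} for p in t["children"])
            else:
                expanded.append(t)
        training = expanded

def accuracy(w, points, labels):
    return sum(1 for x, y in zip(points, labels) if margin(w, x, y) > 0) / len(points)

def run_demo(seed=7, k=4):
    rng = random.Random(seed)
    points, labels = make_data(rng)
    nodes = build_tree(points, labels, k, rng)
    w, training, rounds = train_with_cluster_expansion(nodes, rng)
    return {"clusters": len(nodes), "train_size": len(training),
            "full_size": len(points), "rounds": rounds,
            "accuracy": accuracy(w, points, labels)}

if __name__ == "__main__":
    print(run_demo())
```

The returned dictionary reports how many points the SVM was finally trained on versus the full data set; the gap between the two is the training-time saving the abstract refers to, obtained without touching the clusters that sit far from the decision boundary.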

Keywords

SVM, Classification, Intrusion Detection, Intrusion Detection System, Network Security







Authors

J. Arokia Renjit
Department of CSE, Jeppiaar Engineering College, Tamil Nadu – 600 119
K. L. Shunmuganathan
Department of CSE, RMK Engineering College, Tamil Nadu – 601 206



DOI: https://doi.org/10.17485/ijst%2F2011%2Fv4i9%2F30239