| With the development of computer network technology, in the transportation field, computer network has been extensively used. With the popularization and application of computer network, more and more attentions are being focused on the networking security, as one of the most important content of networking security, IDS attracted attentions from all over the world.There are many defects in traditional intrusion detection methods such as false negatives, false positives etc., which need amounts of training data and long time to get good detection performance. So it is meaningful to find a method which can detect attacks by small amount training data in short time.Through the analysis of current intrusion detection methods and characteristic of support vector machine (SVM), this paper tries to apply SVM as classifying means to network intrusion detection field.By analyzing traditional C-SVM, we found that it is over-dependent on every training sample, even if the samples are multi-duplicate. This dependence would result in more time for training and more support vectors. More support vectors result in more time for classifying new samples. In order to overcome this dependence, we propose AW-SVM (Auto-Weighted Support Vector Machine). Considering C-SVM does not take into account the different importance of training samples, we propose a WC-SVM algorithm, it introduces weight factors of classes and importance factors of training samples to C-SVM and decreases the probability of misclassifying important samples. Combining the characteristic of network data, we revised the kernel function of SVM,According to the changed algorithm and kernel, we designed one SVM-based classifier for intrusion detection, and tested the classifier. Experiment shows that the speed of training and classifying is very high, and it is very good and suitable for networking intrusion detection.
|
PDF Full Text Request