An Intrusion Detection Method Based On LLE And BVM

With the rapid development of computer technology and the increasing popularity of the Internet, abundant network resources bring not only a great convenience to people, but also network security. Intrusion detection technology is a necessary means to ensure computer security. With the increasing complexity, diversification and automation of network intrusion tools, traditional intrusion detection technology can not fully meet current security needs. Based on the above background, this paper, introducing machine learning to intrusion detection system, carried out network intrusion detection work based on machine learning.Intrusion detection is essentially a classification problem. This paper, introducing Locally Linear Embedding algorithm (LLE) and Ball Vector Machine (BVM) into the intrusion detection, proposed intrusion detection method based on LLE and BVM. First, the intrusion detection needs to analysis large of samples of high dimensional data. The method of reducing high-dimensional data is of great importance to reduce training time and testing time of the intrusion detection system, and also is important to improve accuracy of the system. LLE algorithm can filter the noise of the intrusion detection data, and extract the main features of each data, thereby reducing the dimensions of intrusion detection data, as a result, the classification model training time and classification time can be effectively reduced; Second, intrusion detection system needs to construct a good classifier model, a good model for improving the detection accuracy and detection speed is of great significance. Ball Vector Machine (BVM) is classification learning algorithm developed recently in machine learning. By reformulating Support Vector Machine's QP as a minimum enclosing ball (MEB) problem, it obtains the support vectors by solving the MEB. This avoids the Support Vector Machine's problem of slow convergence on large-scale data. Therefore, BVM is an algorithm having the same precision but faster than Support Vector Machine; finally, based on CIDF general intrusion detection model, we proposed the improved model based on LLE and BVM. Through doing a lot of experiments on KDDCUP'99 data set, we demonstrated the effectiveness of this method. Experiment results show that the proposed method has a certain increase in detection rate, and the false alarm rate and detection time are improved significantly.