
Intrusion Detection Technology Based On Support Vector Machine

Posted on: 2006-05-03
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
Full Text: PDF
GTID: 2178360182477452
Subject: Computer technology

Abstract/Summary:
As an active defense strategy, intrusion detection technology is playing an increasingly important role in network security. It effectively complements traditional static defense methods. Because intrusion methods are complex and varied, no definite functional relation between intrusion behaviors and network connection records has been found. Nevertheless, this function can be approximated and estimated with the help of machine learning methods.

Support Vector Machine (SVM) is a machine learning technology based on Statistical Learning Theory (SLT). Combining the Maximal Margin Principle and Kernel Function Theory, it has effectively solved difficult problems that have perplexed machine learning researchers for a long time, such as small samples, high dimensionality, nonlinearity, over-fitting, and local optimal solutions. If we adopt it in the field of intrusion detection, satisfactory performance can be guaranteed.

This paper introduces SLT into intrusion detection research. We explored several intelligent detection tactics based on SVM and found that the algorithm has excellent generalization ability. It can process heterogeneous network connection records directly, owing to an improved Radial Basis Function (RBF) in which the norm within the kernel function is replaced with a Heterogeneous Value Difference Metric (HVDM) distance. Using guaranteed estimators, we worked out a way to determine the size of the training set, avoiding blind estimation through experiments alone. A sample-weighting approach was introduced for important samples and duplicated samples, decreasing the probability of misclassification.

Considering that each feature of the network connection records has a different effect on the detection result, we put forward a feature-selection method and a feature-weighting method, respectively, so as to obtain a better classifying hyperplane and improve efficiency and precision.

Results from preliminary experiments on the KDD CUP99 network data indicated that all the methods were effective and efficient.
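The kernel substitution described in the abstract can be sketched as follows. This is an added example, not code from the thesis: it assumes the HVDM definition of Wilson and Martinez (numeric attributes scaled by four standard deviations, nominal attributes compared through class-conditional probabilities), and the sample records, the handling of unseen nominal values, and the function names `fit_hvdm`, `hvdm` and `hvdm_rbf` are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed records (duration, protocol, service, src_bytes), KDD CUP99-style
# field names only; the values are made up for this example.
RECORDS = [
    ((0.0, "tcp", "http", 215.0), "normal"),
    ((2.0, "tcp", "http", 162.0), "normal"),
    ((1.0, "udp", "dns", 44.0), "normal"),
    ((0.0, "icmp", "ecr_i", 1032.0), "attack"),
    ((0.0, "icmp", "ecr_i", 1032.0), "attack"),
    ((0.0, "tcp", "private", 0.0), "attack"),
]
NOMINAL = {1, 2}  # indices of the nominal attributes

def fit_hvdm(records, nominal):
    """Learn per-attribute statistics: sigma for numeric, P(class|value) for nominal."""
    classes = sorted({label for _, label in records})
    sigma, cond = {}, {}
    for a in range(len(records[0][0])):
        if a in nominal:
            counts = defaultdict(Counter)
            for x, label in records:
                counts[x[a]][label] += 1
            cond[a] = {v: [c[k] / sum(c.values()) for k in classes]
                       for v, c in counts.items()}
        else:
            col = [x[a] for x, _ in records]
            mean = sum(col) / len(col)
            var = sum((v - mean) ** 2 for v in col) / len(col)
            sigma[a] = math.sqrt(var) or 1.0  # constant column: avoid divide by zero
    return sigma, cond

def hvdm(x, y, model):
    """HVDM distance: sqrt of summed squared per-attribute distances."""
    sigma, cond = model
    total = 0.0
    for a, (u, v) in enumerate(zip(x, y)):
        if a in cond and u in cond[a] and v in cond[a]:
            total += sum((p - q) ** 2 for p, q in zip(cond[a][u], cond[a][v]))
        elif a in cond:  # assumption: a value unseen in training is maximally distant
            total += 0.0 if u == v else 1.0
        else:            # numeric: difference scaled by four standard deviations
            total += (abs(u - v) / (4 * sigma[a])) ** 2
    return math.sqrt(total)

def hvdm_rbf(x, y, model, gamma=1.0):
    """RBF kernel with the Euclidean norm replaced by the HVDM distance."""
    return math.exp(-gamma * hvdm(x, y, model) ** 2)
```

A Gram matrix built from `hvdm_rbf` over the training records can be passed to an SVM implementation that accepts a precomputed kernel.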
Keywords/Search Tags: SVM, Machine Learning, Intrusion Detection, Network Security