
The Research Of Intrusion Detection Based On Support Vector Approach

Posted on: 2008-10-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Liu
GTID: 2178360212495649
Subject: Computer software and theory

Abstract/Summary:
With the extensive application of computer and Internet technology, computer viruses, network attacks and other security threats are intensifying, and a growing number of people are concerned with information security. Current technology faces more severe challenges, and authentication, intrusion detection, virus detection and other network security problems have become hot topics.

Support Vector Machine (SVM) is a novel pattern recognition method developed from statistical learning theory. It has advantages unmatched by other machine learning methods, for instance structural risk minimization, a globally unique solution, good generalization, and suitability for high-dimensional nonlinear models, and it has shown good results. In this paper, we use support vector machines in the areas of intrusion detection and virus detection. Experimental results show that the SVM algorithms are promising. The paper is divided into two parts: the first uses SVM algorithms to recognize users' keystroke sequences, and the second uses support vector machines to detect abnormal access to the Windows Registry.

The first part covers host-based intrusion detection based on the support vector approach and keystroke sequences. Previous work in this area has shown that authenticating a user by keystroke sequences is a real possibility, in which case they could be used as an authentication method. In addition, keystroke sequences have more merits and provide better protection than the traditional method, password protection. Many algorithms have been proposed for identifying keystroke sequences, including probabilistic methods, neural networks, and so forth. This paper proposes a support vector machine algorithm for recognizing users' keystroke sequences. With this algorithm, only a few samples of keystroke characteristics are needed to establish a detection model, and the model has an excellent recognition rate.

The second part applies support vector machines to identifying abnormal access to important system files. Signatures include various attributes, such as file name, content and feature strings, and early detection of malicious programs in major applications relied on these signature features. These methods are based on knowledge of the virus, and it is impossible to obtain these features for an unknown virus. Therefore, unknown viruses were not detected by the traditional methods. To address this problem, we use a Support Vector Machine system to establish a model of normal access, which can detect abnormal access, detect unknown viruses and find intrusion attacks. The challenge in malware detection is how to design a detection system that detects unknown malware. Many algorithms have been used to solve the problem: neural networks, RIPPER inductive learning methods, etc. In this paper, we use the Windows Registry as a source of information to establish an anomaly detection model. The results showed that the incremental support vector machine achieved a high detection rate and reduced training time efficiently.
Keywords/Search Tags:intrusion detection, identity authentication, OC-SVM, keystroke characteristics, Windows registry, Virus detection, Incremental support vector machine