Study On Support Vector Machine And Its Application In Intrusion Detection

Posted on: 2008-11-07
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Cheng
GTID: 2178360215954356
Subject: Computational Mathematics

Abstract/Summary:
With the spread of computer network applications, network security receives more and more attention. Intrusion detection can recognize attacks that are being attempted, are in progress, or have already happened, and it is an active network security protection measure. As an important part of the network security field, it has attracted wide attention from researchers. Existing intrusion detection technologies suffer from high false positive rates, high false negative rates, and poor real-time performance. In particular, high detection accuracy usually depends on abundant or self-contained training data.

Support Vector Machine (SVM) is a small-sample machine learning method based on Statistical Learning Theory (SLT). It avoids over-fitting through the Structural Risk Minimization (SRM) principle, so it has better generalization capability. Because it is by nature a convex optimization problem, SVM obtains the globally optimal solution. In addition, SVM requires less training time, and its computational complexity is independent of the data dimension. Applying SVM to intrusion detection keeps classification accuracy good even when prior knowledge is deficient, so that the Intrusion Detection System (IDS) has better detection performance.

The basic principle and several algorithms of SVM are introduced in this paper. Because misclassification costs of different types are not always equal in real intrusion detection problems, an SVM-based cost-sensitive learning detection method is presented; as a result, the false negative rate for attacks and the misclassification rate for attacks with higher loss cost become much lower. Because the set of training samples is usually large and exceeds the available memory, an SVM-based information fusion method is proposed. The prediction model is obtained by training on the union of the support vectors of several modules. When the training and testing samples are independent and identically distributed, the prediction accuracy, false negative rate, and false positive rate are almost equal to the results of centralized training. The SVM-based information fusion method is applied to a distributed network environment, and distributed intrusion detection is realized. An SVM-based distributed intrusion detection prototype system is developed using the RMI technology of Java and the Java interface of the Libsvm tool. Experiments on the KDD Cup 99 data set show that the SVM-based distributed intrusion detection method has better detection accuracy.
Keywords/Search Tags: intrusion detection, Support Vector Machine (SVM), Statistical Learning, cost-sensitive learning, Distributed Intrusion Detection (DID)
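The information fusion step described in the abstract (train one SVM per module, keep each module's support vectors, retrain on their union), as an added example that is not code from the thesis. It swaps in a small pure-Python linear SVM trained by dual coordinate descent in place of Libsvm and uses constructed 2-D data rather than KDD Cup 99; all function names and the `cost` parameter for per-class misclassification costs are assumptions.

```python
import random

def train_svm(data, C=1.0, cost=None, epochs=200):
    """Linear soft-margin SVM by dual coordinate descent (stand-in for Libsvm).
    data: list of (features, label in {-1, +1}). Returns (w, alphas)."""
    cost = cost or {1: 1.0, -1: 1.0}        # assumed per-class cost multipliers
    X = [list(x) + [1.0] for x, _ in data]  # constant feature acts as the bias
    Y = [y for _, y in data]
    w, alpha = [0.0] * len(X[0]), [0.0] * len(X)
    for _ in range(epochs):
        for i, (x, y) in enumerate(zip(X, Y)):
            grad = y * sum(a * b for a, b in zip(w, x)) - 1.0
            step = grad / sum(a * a for a in x)
            new = min(max(alpha[i] - step, 0.0), C * cost[y])  # box constraint
            w = [wj + (new - alpha[i]) * y * xj for wj, xj in zip(w, x)]
            alpha[i] = new
    return w, alpha

def support_vectors(data, **kw):
    """Samples whose dual variable is non-zero after training on `data`."""
    _, alpha = train_svm(data, **kw)
    return [d for d, a in zip(data, alpha) if a > 0.0]

def predict(w, x):
    return 1 if sum(a * b for a, b in zip(w, list(x) + [1.0])) >= 0 else -1

def accuracy(w, data):
    return sum(predict(w, x) == y for x, y in data) / len(data)

def make_samples(n, rng):
    """Constructed 2-D samples: -1 = normal traffic, +1 = attack."""
    out = []
    for _ in range(n):
        y = rng.choice((-1, 1))
        out.append(((rng.gauss(2 * y, 0.5), rng.gauss(2 * y, 0.5)), y))
    return out

def fusion_demo(nodes=3, per_node=100, seed=0):
    rng = random.Random(seed)
    parts = [make_samples(per_node, rng) for _ in range(nodes)]  # one set per module
    test = make_samples(300, rng)
    union = [sv for p in parts for sv in support_vectors(p)]     # only SVs are shared
    fused_w, _ = train_svm(union)                                # fused model
    central_w, _ = train_svm([d for p in parts for d in p])      # centralized baseline
    return {"train": nodes * per_node, "union": len(union),
            "fused_acc": accuracy(fused_w, test),
            "central_acc": accuracy(central_w, test)}

if __name__ == "__main__":
    print(fusion_demo())
```

Passing `cost={1: 5.0, -1: 1.0}` to `train_svm` raises the penalty bound for attack samples only, which is one common way to make a soft-margin SVM cost-sensitive.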