Application Of Support Vector Machine In Intrusion Detection System

Posted on: 2008-07-26 | Degree: Master | Type: Thesis
Country: China | Candidate: D H Yin
GTID: 2178360215959843 | Subject: Computer application technology
Abstract/Summary:
An intrusion detection system (IDS) is an active security tool that provides immediate protection against internal attacks, misoperation and external attacks. It alerts, blocks and responds before the network and system are ruined. Intrusion detection can be treated as a classification problem: classifying the given audit data. The support vector machine (SVM), which is based on statistical learning theory, is a machine learning method. It achieves better classification results when prior knowledge is lacking.

System calls are the interface the operating system provides for applications to access, so the pattern of system calls reflects, to a certain extent, the behavior of an application and can indicate an intrusion by that application. We therefore use short sequences of system calls as the input vectors of a support vector machine and classify them. In this way we apply the support vector machine to intrusion detection.

We find that classification accuracy differs between kernels. In this paper we use a new kernel that mixes different kernels in the SVM-based intrusion detection system, which gives better and more stable classification accuracy. Because the training samples are unevenly distributed, this paper uses a weighted SVM algorithm in the intrusion detection system. This method enhances the detection rate and addresses the intrusion detection system's concern with the small class. For the decision stage, this paper proposes a decision method based on the weights of abnormal system calls. First, it obtains the weights of the abnormal system calls in the system traces of the training set. Then it calculates each short sequence and obtains the threshold. Finally, it classifies the test set and uses the result to modify the results of the support vector machine. The experiments show better classification accuracy and a lower percentage of false reports.
Keywords/Search Tags:Intrusion Detection System, Support Vector Machine, Kernel Function, System call
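
As an added illustration of the pipeline the abstract describes (not code from the thesis), the Python below cuts system-call traces into short sequences, compares them with a mixed kernel and trains a class-weighted SVM. The RBF-plus-polynomial mix, the per-class penalty `C * weight`, the bias-free dual coordinate ascent solver, the window length 4 and both traces are assumptions made for the example; the thesis's weight-based decision step is not reproduced.

```python
import math

def windows(trace, k=4):
    """Unique length-k short sequences of one system-call trace."""
    return sorted({tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)})

def mixed_kernel(x, y, lam=0.5, gamma=0.5, degree=2, scale=8.0):
    """lam * RBF + (1 - lam) * polynomial; the choice of these two is an assumption."""
    x, y = [v / scale for v in x], [v / scale for v in y]
    dot = sum(a * b for a, b in zip(x, y))
    dist2 = sum((a - b) ** 2 for a, b in zip(x, y))
    return lam * math.exp(-gamma * dist2) + (1 - lam) * (dot + 1) ** degree

def train(X, y, C=100.0, weight=None, epochs=20000, tol=1e-6):
    """Dual coordinate ascent, bias-free SVM, box bound C * weight[label] per sample."""
    weight = weight or {1: 1.0, -1: 1.0}
    n = len(X)
    K = [[mixed_kernel(a, b) for b in X] for a in X]
    alpha = [0.0] * n
    for _ in range(epochs):
        step = 0.0
        for i in range(n):
            f_i = sum(alpha[j] * y[j] * K[i][j] for j in range(n))
            new = alpha[i] + (1 - y[i] * f_i) / K[i][i]   # exact 1-D maximiser
            new = min(max(new, 0.0), C * weight[y[i]])    # project onto the box
            step, alpha[i] = max(step, abs(new - alpha[i])), new
        if step < tol:
            break
    return alpha

def decision(x, X, y, alpha):
    """Signed score: > 0 means the short sequence is classified abnormal."""
    return sum(a * yi * mixed_kernel(xi, x) for a, yi, xi in zip(alpha, y, X))

# Constructed traces, not data from the thesis. Linux i386 syscall numbers:
# 3 read, 4 write, 5 open, 6 close, 11 execve, 15 chmod, 23 setuid.
NORMAL = [5, 3, 3, 4, 6, 5, 3, 4, 4, 6, 5, 3, 4, 6]
ATTACK = [5, 3, 11, 15, 23, 11, 6]

def build():
    neg, pos = windows(NORMAL), windows(ATTACK)
    X, y = neg + pos, [-1] * len(neg) + [1] * len(pos)
    weight = {1: len(neg) / len(pos), -1: 1.0}   # rare class gets the larger penalty
    return X, y, train(X, y, weight=weight)

if __name__ == "__main__":
    X, y, alpha = build()
    for seq, label in zip(X, y):
        print(seq, label, round(decision(seq, X, y, alpha), 3))
```

On this separable constructed data the class weight only sets the upper bound on each multiplier; it changes the solution once the classes overlap and that bound binds.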