
The Application And Research Of SVM Based Network Intrusion Detection

Posted on: 2009-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: F F Zhu
Full Text: PDF
GTID: 2178360272956847
Subject: Computer application technology
Abstract/Summary:
The growth in Internet usage has brought an increase in attempts to compromise network security. One task within network security is intrusion detection: a classification task that attempts to discern whether a given request for network service is an intrusion attempt or a safe request. One of the most popular intrusion detection toolkits is SNORT. While successful, SNORT currently relies on security administrators to fine-tune and configure the detection system. Since the creation of the 1999 KDD Cup network intrusion data set, several machine learning approaches to this task have been found to be successful.
The Support Vector Machine (SVM) was developed from research on Statistical Learning Theory (SLT); it is a classification and prediction algorithm based on the Structural Risk Minimization (SRM) principle. SVM theory rests on the VC theory and SRM theory of SLT, and trades off the limited sample information against the complexity of the model to obtain the best generalization ability. It is a machine learning method that performs well when the sample size is small. Because of this property, the SVM algorithm is proposed for the intrusion detection stage. In network intrusion detection, training sets with uneven class sizes bias the classification towards the class with the larger training size. The main cause is that the penalty for misclassification is treated as equal for every training sample.
In a weighted support vector machine (WSVM), the penalty for misclassification differs from one training sample to another, so the classification accuracy for the class with the small training size is improved. This overcomes the drawback that the standard support vector machine algorithm cannot handle such samples flexibly, and improves the generalization ability when little prior knowledge is given. However, the improvement is obtained at the cost of a possible decrease in classification accuracy for the class with the large training size and a possible decrease in total classification accuracy. In this paper, the data preprocessing is coded in C on the Linux platform and the weighted SVM is coded in MATLAB, with the KDD Cup 1999 intrusion detection data set used as the training and testing data. The paper applies the WSVM algorithm in the intrusion detection stage, uses it to handle the continuous and discrete data of KDD Cup 1999 together, and compares the new method with other approaches. The simulation results show that this method has a better detection rate and overall accuracy, and robust false positive and false negative rates, with a smaller training sample size. The experimental results show that it is effective and efficient.
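The class-size bias and the weighted-penalty remedy described in the abstract, as an added example that is not the thesis's own C/MATLAB code: a linear SVM trained by subgradient descent on a constructed sample. The 1-D feature, the data and the class-ratio weighting heuristic are assumptions made for illustration.

```python
# Added example: class-weighted linear SVM on constructed, imbalanced data.
# Labels: -1 = normal, +1 = attack. Feature x is a hypothetical 1-D score.

# Constructed sample: 48 normal vs 4 attack records; the 4 attacks share
# x = 2.0 with 8 normal records, so the classes overlap there.
DATA = [(0.0, -1)] * 40 + [(2.0, -1)] * 8 + [(2.0, +1)] * 4


def train(data, class_weight, C=1.0, eta=0.001, epochs=3000):
    """Subgradient descent on 0.5*w^2 + C * sum_i s_i * hinge(y_i, w*x_i + b),
    where s_i = class_weight[y_i] is the per-sample penalty factor."""
    w, b = 0.0, 0.0
    for _ in range(epochs):
        gw, gb = w, 0.0                      # gradient of the 0.5*w^2 term
        for x, y in data:
            if y * (w * x + b) < 1.0:        # margin violated: hinge active
                s = C * class_weight[y]
                gw -= s * y * x
                gb -= s * y
        w -= eta * gw
        b -= eta * gb
    return w, b


def evaluate(data, w, b):
    """Return (detection_rate, false_positive_rate, accuracy)."""
    tp = sum(1 for x, y in data if y == 1 and w * x + b > 0)
    fp = sum(1 for x, y in data if y == -1 and w * x + b > 0)
    n_att = sum(1 for _, y in data if y == 1)
    n_norm = len(data) - n_att
    correct = tp + (n_norm - fp)
    return tp / n_att, fp / n_norm, correct / len(data)


def compare(data=DATA):
    """Train with equal and with class-ratio penalties; return both metrics."""
    n_att = sum(1 for _, y in data if y == 1)
    n_norm = len(data) - n_att
    equal = {-1: 1.0, +1: 1.0}               # standard SVM: same penalty
    # Assumed heuristic: weight the minority class by the class-size ratio.
    weighted = {-1: 1.0, +1: n_norm / n_att}
    return (evaluate(data, *train(data, equal)),
            evaluate(data, *train(data, weighted)))


if __name__ == "__main__":
    for name, (dr, fpr, acc) in zip(("standard", "weighted"), compare()):
        print(f"{name:9s} detection={dr:.2f} false_pos={fpr:.3f} accuracy={acc:.3f}")
```

On this sample the equal-penalty SVM labels every record normal, while the weighted SVM detects all four attacks at the cost of eight false positives and a lower total accuracy, which is the trade-off the abstract states.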
Keywords/Search Tags: support vector machine, weighting factor, network intrusion detection, classification, uneven training class size, discrete