Research On Intrusion Detection System Based On Multi-class Support Vector Machine

The intrusion detection technology has become an essential technology in the information security, which becomes a new hot spot of the network security in recent years. The high-speed development of Internet has proposed a new challenge in intrusion detection technology that in the existing invasion examination systems mostly based on the rule examination the detection speed is slow and detection precision is not high. The support vector machine solves this kind of problem well,but during the process of SVM being applied in IDS, there are still a lot of problems to solve.While the intrusion datasets is very large, conventional Support Vector Machine(SVM) learning algorithm becomes remarkably slow.This thesis presents an algorithm which based on unsupervised clustering(UC) and Simple Distance Comparison Algorithm(SDCA) to pre-select the SVM training data.The algorithm abandons some similar data for the purpose of reducing the number of training and raising the training and detecting speed.Currently when SVM is used in intrusion detection, mostly treat it as a binary-class problem(regular or abnormal),but this already can't meet the need of multi-class detection.This thesis presents a new method of two-layer multi-calss SVM classification and an Auto-Weighted SVM Algorithm in it, which is based on the fact that the number of the regular data is much larger than the abnormal data and only needs three classifications to solve the problem, effectively rasing the training and detectiong speed.And the AW-SVM is presented to solve the problem that the decline of the classification capability because of decreasing of the training data in the pre-select algorithm. The algorithm assigns the proper weight,based on the weight value from the pre-select algorithm,to the representative points in order to minimize the precison loss.Finally,this thesis presents a new increasing learning algorithm which is based on the clustering result from the pre-select algorithm to increase the effect of the increment learning.Comparing to normal technology of data classification,the technology has distinct advantages:on the one hand,it takes full advantage of historic training result;on the other hand,it reduces subsequence training time remarkably.Using KDD99 data sets,the experiments show that these approachs and algorithms can improve the efficiency of training and detecting while keeping high detect capability in intrusion detection system.