Intrusion Detection Based On Support Vector Machines And Active Learning

Posted on: 2010-11-20
Degree: Master
Type: Thesis
Country: China
Candidate: S F Huang
Full Text: PDF
GTID: 2178360302959940
Subject: Circuits and Systems

Abstract/Summary:
With the spread of computers and the internet, information security has gained more and more attention. Intrusion detection is a layer of protection that follows traditional security methods. It attempts to detect intrusions in progress, and as a consequence the safety of the target system is greatly improved.

Intrusion detection based on machine learning has been an active and difficult research topic in the field of network security. It establishes a detection model from information in the training data, and the model is used to separate the normal state from the intrusion state. However, some problems remain unresolved and scarcely addressed: it is difficult to obtain enough qualified attack data for the classifiers to model the attack patterns, and data acquisition is always time-consuming and relies heavily on domain experts.

The Support Vector Machine (SVM) is a discriminative model with great generalization ability and a recent focus of pattern recognition research. On this basis, we propose an intrusion detection method based on SVM. Moreover, active learning is introduced to select the most qualified data for training and thus assist the SVM effectively in fulfilling the intrusion detection task. The main content of the study in this paper is as follows:

1. The various aspects of intrusion detection based on SVM are studied, including pre-processing, the training algorithm and response. The influence of the kernel function, the penalty constant and the training set size on detection performance is analyzed through experiment. The results indicate that only a small fraction of the training samples is helpful in establishing the detection model.

2. The initial training set construction method and the query function in SVM active learning are discussed, and an improved SVM active learning algorithm is proposed. It constructs the initial training set through kernel-based clustering, and uses a probabilistic query scheme based on a distance criterion as the rule for active sample selection.

3. To address difficulties such as obtaining adequate attack data for the classifiers to model the attack patterns and the high cost of sample annotation, an intrusion detection method based on SVM active learning is proposed. The experimental results show that our method can reduce the number of training samples while achieving the same performance.
Keywords/Search Tags:intrusion detection, support vector machines, active learning, statistical learning theory, sample complexity, kernel-based clustering