
The Research And Application Of Support Vector Machine In Intrusion Detection System

Posted on: 2011-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: B H Zhang
GTID: 2198330332969422
Subject: Computer application technology

Abstract/Summary:
An intrusion detection system (IDS) is an active defense technology that fills a gap in classical defense systems. However, because intrusions are complex and varied, the functional relationship between intrusions and the data features of network link information has not yet been found. A learning machine tries to approximate this functional relationship.

Support vector machine (SVM) is a learning machine based on statistical learning theory. It can handle many problems, such as limited samples, nonlinear spaces, high dimensionality, local extrema and so on. We apply SVM to IDS so that it can achieve a better detection effect.

Based on in-depth research into support vector machine theory and its applications, we present a classification model based on SVM, improve this model, and apply it to IDS. In combination with the CIDF structure of IDS, we further present an IDS model based on SVM. This model includes a network data capture module, a network link information module, a data preprocessing module, an SVM training module, an SVM support vector base, an event log base and a response module.

Based on in-depth research into a series of SVM algorithms and kernel function selection, we improve the visible algorithm, select a suitable kernel function, and adjust parameters to get the best effect. Then we implement SVM binary classification and multi-class classification, and run experiments on the KDD CUP'99 data set that demonstrate the superiority of SVM classification.

In this paper we apply dimension reduction to the original data with suitable statistical methods, such as principal component analysis and factor analysis. On this basis, we present an adaptive feature-weighted SVM and apply it to data feature selection. We combine the two algorithms and put them into our model. Experimental results show that detection precision rises noticeably, while the training time and the test time also improve to varying degrees for both binary classification and multi-class classification. In particular, the training time is reduced sharply, and system performance improves accordingly. In addition, adaptive feature weighting obtains the feature weighting factors directly from factor analysis of the training data samples. This changes the previous situation of finding parameters by trial, so the process becomes simpler.
Keywords/Search Tags:IDS, SVM, network security, adaptive feature weighted, feature selection