Application Of Support Vector Machine To Network Intrusion Detection

Posted on: 2011-10-10
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Liu
GTID: 2198330332981164
Subject: Computer application technology
Abstract/Summary:
Network Intrusion Detection (NID) is a significant technology in network security. Current intrusion detection largely depends on experts' experience and knowledge, which is not a preferable method when encountering different attacks. Based on data mining technology, this thesis aims to address the problems of accuracy, effectiveness and the ability to detect unknown attacks in NID. It analyzes recent NID studies and applies the support vector machine, a method based on statistical learning theory, to intrusion detection.

Network traffic connections are the key data source for intrusion detection. The present study uses the standard reference data set (KDD CUP 1999) as the experimental data, which includes many unlabeled records, many normal records, and a few attack records. The dataset shows an unbalanced distribution and a high dimension. The support vector machine uses a kernel function in place of dot products in the high-dimensional feature space, perfectly solving the dimension problem. Therefore, it is a suitable method for anomaly detection on unbalanced and high-dimensional data.

To solve the problem of the high cost of labeling data manually and that of the dimension effect in traditional clustering methods, this thesis proposes a new fuzzy support vector clustering algorithm to cope with unlabeled data. The algorithm combines K-means and DBSCAN to generate an association matrix, sets a threshold value on the constraint term to obtain the initial clustering, and uses fuzzy support vector domain description to reach the final result. A comparison experiment shows the feasibility and effectiveness of this method.

Clustering methods aim to group the most similar samples into the same cluster so that experts can identify the real class of each sample. A classification method can predict the class of unknown data by using a classification model. Therefore, this thesis proposes an improved hypersphere support vector machine (HSVM) algorithm based on feature selection. The optimal feature subset is generated by the feature selection algorithms, and HSVM, trained on that subset, generates the classification model. A comparison of the results of HSVM under different feature selection algorithms shows that SVM-HSVM achieves better accuracy than HSVM, and the detection speed increased by 50%.

Network attacks are diverse, so another focus of the present study is how to detect the type of attack. A multiclass hypersphere support vector machine based on a tree structure is proposed and applied to detect different types of network attacks in network traffic connections. Experimental results show that the proposed method ensures a higher detection rate and a lower false alarm rate.
Keywords/Search Tags: Network intrusion detection, Fuzzy support vector clustering, Hypersphere support vector machine, Multiclass support vector machine