Intrusion detection, an active security defense technology, is a significant research area in network security systems. Support vector machines (SVM), based on the VC dimension theory and the structural risk minimization principle of statistical learning theory, can avoid local optimal solutions and the curse of dimensionality. However, when dealing with high-dimensional, large-scale intrusion detection data, the SVM method needs a very long training time and its detection speed is very slow; when dealing with imbalanced intrusion detection data, it has a low detection rate; and the traditional SVM method does not support incremental learning. To address these shortcomings, this paper proposes an intrusion detection method based on rough sets and incremental SVM, and simulation experiments are carried out on the KDDCUP1999 dataset. The main contents are as follows:

Firstly, because high-dimensional intrusion detection data contains independent and redundant attributes, an attribute reduction algorithm based on positive region (PRAR) is proposed. The simulation results show that, compared with attribute reduction algorithms based on discernibility matrices and improved positive region, the PRAR attribute reduction algorithm not only obtains the optimal feature subset but also selects it more efficiently, which clearly improves the detection speed and detection rate of classification algorithms.

Secondly, to address the problem that large-scale, imbalanced intrusion detection data causes the SVM intrusion detection method to have a long training time, slow detection speed, and a low detection rate for attack types with fewer samples, a fast incremental SVM intrusion detection method based on boundary area (B-ISVM) is presented. The simulation results indicate that, compared with block-based incremental SVM and improved incremental SVM based on the KKT conditions, B-ISVM extracts the support vectors more effectively. As a result, not only are its training and testing speeds improved significantly, but it also achieves a higher detection rate and a lower false alarm rate.

Finally, combining the above two algorithms, an approach to intrusion detection based on rough sets and incremental SVM is proposed. In this method, the PRAR algorithm is first applied to feature selection, and then the B-ISVM method is adopted to perform intrusion detection. The simulation results show that, by combining the advantages of these two algorithms, this method has better intrusion detection performance.
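
The abstract does not give PRAR's steps, so the following added example (not the paper's code) shows the standard rough-set positive-region dependency measure and a greedy reduct built on it, which is the kind of feature selection that would precede SVM training. The attribute names, the rows and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed, already-discretized connection records (KDD-style names are assumptions).
ATTRS = ["protocol", "service", "flag", "src_bytes_bin"]
ROWS = [  # last column is the decision attribute (class label)
    ("tcp", "http", "SF", "low", "normal"),
    ("tcp", "http", "SF", "high", "normal"),
    ("tcp", "http", "S0", "low", "dos"),
    ("tcp", "http", "S0", "high", "dos"),
    ("tcp", "private", "REJ", "low", "probe"),
    ("tcp", "private", "S0", "low", "dos"),
    ("udp", "domain_u", "SF", "low", "normal"),
    ("icmp", "ecr_i", "SF", "high", "dos"),
    ("icmp", "ecr_i", "SF", "low", "dos"),
    ("tcp", "smtp", "SF", "high", "normal"),
]

def positive_region(rows, attr_idx):
    """Rows whose equivalence class under attr_idx maps to exactly one label."""
    classes = defaultdict(list)
    for i, row in enumerate(rows):
        classes[tuple(row[j] for j in attr_idx)].append(i)
    pos = set()
    for members in classes.values():
        if len({rows[i][-1] for i in members}) == 1:
            pos.update(members)
    return pos

def dependency(rows, attr_idx):
    """Fraction of rows classified without ambiguity using only attr_idx."""
    return len(positive_region(rows, attr_idx)) / len(rows)

def greedy_reduct(rows, n_attrs):
    """Add the attribute that enlarges the positive region most, then prune."""
    full = dependency(rows, list(range(n_attrs)))
    chosen = []
    while dependency(rows, chosen) < full:
        best = max((j for j in range(n_attrs) if j not in chosen),
                   key=lambda j: dependency(rows, chosen + [j]))
        chosen.append(best)
    for j in list(chosen):  # backward pass removes attributes made redundant
        rest = [k for k in chosen if k != j]
        if dependency(rows, rest) == full:
            chosen = rest
    return sorted(chosen)

if __name__ == "__main__":
    print([ATTRS[j] for j in greedy_reduct(ROWS, len(ATTRS))])
```

On this table, `protocol` is redundant given `service` and `src_bytes_bin` never separates the classes, so both are dropped from the reduct.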