Study On Intrusion Detection Based On Combined Support Vector Machines

In today’s society, the computer network has penetrated into every aspect ofsocial production and life, and continues to expand its application domain. People notonly enjoy great convenience that the computer network brings, but also face greatrisks that it brings every day. In order to guarantee the safe use of network, peoplehave done a lot of research on this problem, and have achieved significant results, oneof which is intrusion detection system.Intrusion detection is essentially a problem of classification. The algorithm ofSupport Vector Machine has a lot of perfect performance in classification. Networkattack behaviors have the myriads of changes, and network data are very complex.Thus general classifiers are difficult to separate the network’s data with highclassification accuracy. But the network data can be well classified by the SupportVector Machine Classification Algorithm.In this paper, having analyzed the anomaly detection method and abusedetection method, we put forward to a kind of detection models, which combined thetwo methods. And then we analyzed its effectiveness. After having analyzed theclassical set of intrusion data, we found the amounts of attacks are not extremelybalanced and the degree of similarity between various types of attacks are not thesame, and put forward to a classification method that combined four kinds of attacksinto two groups. Based on the set of intrusion data divided into two groups, we wereinspired by the strategy of divide-and-conquer, and proposed an intrusion detectionalgorithm which respectively trained two support vector machines, and then combinedthem in a certain way to detect intrusion. Finally in this paper, we carried out a seriesof experiments, compared the performance of related algorithm, and analyzed theexperimental results. This algorithm proposed in this paper not only achieves very lowfalse positive rate and false negative rate, but also can effectively detect two kinds ofsmall number of attacks, which proves the effectiveness of proposed algorithm.