Application Of GPU-Based SVM Algorithm In Intrusion Detection

In recent years, with the development of computer network technology, as well as the network continues to expand the scale, computer networks and systems are suffering technical threats, such as hacker attacks. The security of computer networks will be a concern of more and more people. As an important field of information security research, Intrusion detection has attracted universal attention from both domestic and overseas and plays a very important role in the field of network security. Intrusion detection can be broadly divided into two classes:anomaly detection and misuse detection. Because it often requires certain behavioral characteristics of the system or user for tracking and updating, anomaly detection tends to larger calculation. Currently machine learning methods are commonly used in the field of security to solve the problem of larger amounts of calculation of anomaly detection. This article pays attention to support vector machine method.Support vector machine (SVM) based on the theory of VC dimension and structural risk minimization. As a standard of learning and classification method in the field of machine learning, SVM has its unique advantage for intrusion detection. Currently research results of both at home and abroad indicates that, compared to the traditional exception detection system, intrusion detection system based on SVM gets lesser detection time. Even under the situation of lack of prior knowledge, it still presents high level of classification accuracy. In exception detection area SVM is an effective invasion detection method. There are quite a lot of research and applications in network invasion detection system and Linux hosts invasion detection system. Although compared to the other anomaly detection system SVM possesses a less testing time, but when used in a large-scale high-speed network environment there is still included some shortcomings of failing to report or poor real-time respond. Especially when large number of feature dimensions and classification in category appear, system performance as a whole is often not ideal as we expect.With the mature of IC(integrated circuit) technologies, graphics processing unit (abbreviation as GPU) developed rapidly. In recent years, GPU got high-speed development of hardware performance itself as while as the price tended to be relative lower. GPU gains powerful high-performance parallel calculation capacity with its progress of increasingly mature programming tools, which increasingly attracts more and more people’s attention. Currently a large number of research scholars from different area have made the algorithm that are not very ideal efficiency of success in CPU implementation transplant to GPU, and most of them have a quite good speed-up ratio. Now how to excavate extremely considerable high-performance parallel calculation resources under GPU has become a major point in many areas at home and abroad.This article is just under the research background above. Through combining GPU itself special system structure features and using its powerful high-performance parallel calculation capacity, we transform the traditional SVM classification algorithm based on CPU to the algorithm based on GPU which is named G-SVM for the requirement of parallel. Through analyzing the corresponding experiments’results, we made a comparison of performance of G-SVM algorithm and traditional SVM algorithm in different features dimension number and classification category. Experimental results indicate that the forecast speed of G-SVM increased obviously and G-SVM could be used in high-bandwidth network environments with a certain degree of feasibility and practical value. Therefore it can be loaded as a plug-in to the open source Snort Intrusion detection system to meet the needs of high-bandwidth network environments. According to the analysis of experimental results, G-SVM is fully capable of large-scale high-speed network environment.