Incremental Method Research To Intrusion Detection Based On Rough Set And SVM

Essentially, intrusion detection is a problem of pattern recognition and classification.With the unique advantages to process unbalanced and nonlinear data, Support VectorMachine (SVM) is particularly suitable for the design of intrusion detection classifier.Intrusion detection method based on SVM has achieved good results, but there are still thefollowing deficiencies: dealing with high-dimensional and large-scale intrusion detection data,the SVM method needs a long training time, and the detection speed is very slow. As thedynamic of intrusion detection data, when the data changes, a new SVM classification modelmust be rebuild, which leads the algorithm inefficient. For the above shortcomings, anincremental intrusion detection method based on rough sets and SVM is proposed in thispaper and simulation experiments is also completed on KDDCUP1999dataset. The maincontents are as follows:Firstly, Aiming at the existence of irrelevant and redundant attributes in high dimensionalintrusion detection data an the feature extraction invailding caused by sample changing, anincremental attribute reduction algorithm based on simplified binary discernibility matrix(SBDM-IAR) is proposed. After simplifing the decision table, the simplified binarydiscernibility matrix is constructed to reduce the storage space. When the decision tablechanges, dynamically computing the corresponding elements of discernibility matrix, the newattribute reduction can be directly obtained by incremental updating the original one.Secondly, aiming at the problem that dynamic changes of the large-scale sample setcauses SVM classifier not applicable, an incremental SVM algorithm based on cloud model(C-ISVM) is presented. The cloud boundary area is defined to extract cloud boundary vectorsof initial set. At the same time, the KKT condition is extended. On this basis, the new SVMclassifier is constructed by incremental learning. Finally, combining the above two algorithms, an incremental approach to intrusiondetection based on rough set and SVM is proposed. In the method, PRAR algorithm is firstapplied to feature selection, and then B-ISVM method for intrusion detection is adopted tointrusion detect. The simulation result shows that combined the advantages of these twoalgorithms, this method has better intrusion detection performance.