
A Network-intrusion Detection Technology Based On OCSVM-PSO

Posted on: 2015-08-14 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Y Huang | Full Text: PDF
GTID: 2298330452451424 | Subject: Computer technology
Abstract/Summary:
Anomaly-based network-intrusion detection is an important network security technology, and SVM-based intrusion detection is an important research direction within it. However, current SVM-based intrusion detection technologies suffer from problems such as a high false-negative rate, a long time to train the detection model, and a poor ability to detect unknown attacks. To alleviate these problems, we propose a new network-intrusion detection technology, named OCSVM-PSO, which is based on the One-Class Support Vector Machine (OCSVM). The technology views the anomaly-based network-intrusion detection problem as a binary classification problem. The goal is to divide the data samples into two categories, namely the normal data and the abnormal data that represent intrusions (ignoring the intrusion types). The features of the technology are as follows: (1) it uses principal component analysis to eliminate the redundant attributes of the data set and extract its main attributes, so as to reduce the dimensionality of the data set; (2) it uses the Particle Swarm Optimization (PSO) algorithm to optimize the parameter-selection process of the SVM kernel function, so as to obtain the optimal parameters for the one-class SVM. We implement this technology and conduct an experimental study as follows: first, we use the optimal parameter set to train the SVM intrusion detection model; second, we use the testing data set to measure the model's false-negative rate and its detection rate for unknown intrusions. The empirical results show that, compared to the multi-class SVM-based intrusion-detection technology and the genetic-algorithm-optimized one-class SVM intrusion-detection technology, our technology can reduce the false-negative rate as well as the training time, and it can discover more unknown intrusion data.
Keywords/Search Tags: Network-intrusion detection, one-class support vector machine, particle swarm algorithm, principal component analysis