
Study On Intrusion Detection System Based On Support Vector Machine

Posted on: 2019-03-08
Degree: Master
Type: Thesis
Country: China
Candidate: G Huang
Full Text: PDF
GTID: 2428330572956314
Subject: Engineering

Abstract/Summary:
With the rapid development of the Internet, the era of interconnection has arrived. However, the convenience of the Internet has been accompanied by many kinds of security incidents. Because attacks of various types emerge endlessly, network security faces severe challenges, and network security devices are therefore particularly important. The intrusion detection system, as an important member of this class of devices, is especially favored by researchers.

The traditional intrusion detection system is based on a pattern matching model. The performance of the model depends on the completeness of the rule base, which must be updated constantly by experienced experts to deal with new attacks. In a production environment, traditional intrusion detection systems not only produce false alarms and missed alarms but also require frequent device updates. Researchers in this field have designed intrusion detection systems based on machine learning methods that show excellent performance in simulation. These machine learning algorithms need a large number of samples to train their models, a requirement that is hard to meet in a production environment, so they are difficult to use commercially. The support vector machine (SVM), however, is good at dealing with small samples and high-dimensional data, and its generalization ability is better.

The main work of this paper includes the following points:

(1) The basic knowledge of intrusion detection, the theory of support vector machines and statistical learning are studied. The basic knowledge of feature selection and the typical feature selection algorithms are introduced.

(2) An intrusion detection system based on an improved SVM is proposed, building on a study of the Common Intrusion Detection Framework (CIDF). The overall framework of the system is designed and each module of the system is described in detail.

(3) To address the problem that training an SVM on the samples is time-consuming, this paper proposes an improved feature selection algorithm. By filtering the features of the original feature set, a large number of redundant features are eliminated. The optimal feature subset is then obtained, which reduces the training time effectively.

(4) Because the SVM parameter search algorithm (the grid search algorithm) is inefficient, this paper improves the standard particle swarm optimization algorithm and proposes an adaptive particle swarm optimization algorithm called Adaptive Each Particle Swarm Optimization (AEPSO). AEPSO is then used as the parameter search algorithm of the SVM. Simulation results show that the AEPSO algorithm has higher efficiency.

(5) Following the implementation proposed in this paper, each module of the intrusion detection system is implemented. The KDD-CUP99 dataset is then used to test each module of the system, and the AEPSO algorithm is compared with other APSO algorithms. The results show that the design proposed in this paper is feasible. The proposed algorithm improves the detection rate for both known and unknown attacks. Moreover, the model training time is greatly reduced and the real-time performance of the system is better.
Keywords/Search Tags: intrusion detection system, support vector machine, particle swarm optimization, feature selection, pattern recognition