A new intrusion detection system based on the combination of support vectors and ant colony: Algorithm and implementation

Posted on: 2010-05-13
Degree: M.Sc
Type: Thesis
University: Trent University (Canada)
Candidate: Zhang, Qinglei
Full Text: PDF
GTID: 2448390002489181
Subject: Mathematics
Abstract/Summary:
To meet the challenge of detecting a growing variety of attacks in high-speed networks, this thesis contributes to the area of intrusion detection using machine learning methods. By modifying and combining two existing algorithms, i.e. SVM (Support Vector Machine, a supervised learning algorithm for binary classification) and CSOACN (Clustering around Self-Organized Ant Colony Network, an unsupervised learning algorithm for clustering), a new algorithm and a new intrusion detection system (IDS) are proposed and developed.

The performance of the new IDS is evaluated with a commonly used benchmark data set, i.e. the 1998 DARPA data set. Our experimental results indicate that the combined algorithm is better than pure SVM in terms of a higher average detection rate and lower rates of both false negatives and false positives, and better than pure CSOACN in terms of shorter training time, with a comparable detection rate and comparable rates of false negatives and false positives. In addition, the effectiveness of the new algorithm is comparable to that of the KDD99 winner. As future work on this study, the new IDS will be further improved and further evaluated by porting it to other types of systems.

Key words: Network security, network attack, Intrusion Detection Systems (IDS), data mining, machine learning, real time detection, Object-Oriented Programming.
Keywords/Search Tags:New, Intrusion detection, Algorithm, IDS, Network