| With the popularization of the Internet and local networks, malicious attacks and intrusion events to computer systems are growing. The design and implementation of intrusion detection systems are becoming extremely important in helping to maintain proper network security. Support Vector Machines (SVM) as a classic pattern recognition tool, have been widely used in intrusion detection. However, conventional SVM methods do not involve the different characteristics of the features of data sets. This thesis proposes a new SVM model enhanced with a weighted kernel function based on features of the training data for intrusion detection. Rough set theory is used to perform the feature ranking and selection tasks of the enhanced SVM model in order to take advantage of both SVM and rough set theory. Based on the feature ranks resulting from Rough Set theory, a new algorithm is developed to calculate the feature weights in a kernel function for the enhanced SVM model. The new model is tested with two data sets namely, the KDD CUP 1999 dataset and the system call trace dataset from the University of New Mexico. When compared with the result from conventional SVM, the test provides evidence that the proposed model outperforms conventional SVM in precision, computation time, and false negative rate. |
