Application of the support vector machine in network intrusion detection
Ye Shu
School of Telecommunication Engineering, Beijing University of Posts & Telecommunications, Beijing, 100876
allannays@gmail.com
Abstract: In network security, an intrusion attempt is defined as the potential possibility of a deliberate unauthorized attempt to access information, manipulate information, or render a system unusable. During the past decades, approaches to intrusion detection have been studied and improved. In this paper, the Support Vector Machine (SVM) is adopted as a tool for anomaly intrusion detection. We use the KDD Cup '99 dataset to build training data sets and testing data sets. The results of the experiments show that SVM has good ability in binary classification, multi-class classification and generalization.
Key words: network security, intrusion detection, support vector machine, Libsvm, KDD Cup '99, classification
1. Introduction
With the rapid development of computer networks and information technology, network security has become a focus of public attention. Intrusion detection is considered one of the indispensable technologies in information security. The problem we face is how to quickly and effectively detect known intrusions as well as newly emerging ones. Conventional methods of intrusion detection are inefficient and inaccurate. To guarantee the desired classification accuracy, the detection system has to depend on massive amounts of training data, which inevitably makes it very time consuming. However, the detection system must respond in real time and react quickly to unknown intrusions. The Support Vector Machine (SVM) is a learning method, built on statistical theory and the Structural Risk Minimization principle, that is used for classification and regression. Applying SVM to intrusion detection can achieve a better accuracy rate with far fewer training samples.
2. Intrusion