Anomaly Intrusion Detection Based on Wavelet Kernel LS-SVM
(0) IDS (Intrusion detection System) is an important part of modern network security. It gathers and analyzes information within a computer or a network to identify suspicious behaviors that may indicate an attack or intrusion. Anomaly detection can recognize unknown type of attacks, which attracts more attention of researchers. But traditional anomaly detection methods usually have higher false alarm rate. As a new machine learning method, SVM (Support Vector Machine) has good generalizing ability in case of small training samples. It has been used in IDS recently and achieved certain effects. While the commonly used kernel functions of SVM such as RBF kernel and Gauss kernel are non-orthogonal, whose recognition capacity and convergence speed are unsatisfactory for complex non-linear system in IDS. To improve the performance of IDS, this paper proposed an intrusion detection method based on wavelet kernel LS-SVM (Least Square-SVM). LS-SVM is an evolution of classical SVM, who finds the solution by solving a set of linear equations instead of a convex quadratic programming (QP) for classical SVM. Wavelet kernel function has the features of approximately orthogonal and multi-scale analysis, thus has better classification generalizing ability. Experiment on KDD CUP1999 showed our method could raise the accuracy of detection and decrease the false alarm rate.
intrusion detection support vector machine wavelet kernel
YANG Guang
School of Communication and Information Engineering Xian University of Posts and Telecommunications Xian, China
国际会议
海口
英文
97-100
2011-02-22(万方平台首次上网日期,不代表论文的发表时间)