Conference topic

Anomaly Intrusion Detection Based on Wavelet Kernel LS-SVM

An IDS (Intrusion Detection System) is an important part of modern network security. It gathers and analyzes information within a computer or a network to identify suspicious behaviors that may indicate an attack or intrusion. Anomaly detection can recognize unknown types of attacks, which has attracted growing attention from researchers, but traditional anomaly detection methods usually have a higher false alarm rate. As a new machine learning method, SVM (Support Vector Machine) has good generalization ability when training samples are few. It has recently been used in IDS and has achieved certain results. However, the commonly used kernel functions of SVM, such as the RBF kernel and the Gauss kernel, are non-orthogonal, and their recognition capacity and convergence speed are unsatisfactory for the complex non-linear systems found in IDS. To improve the performance of IDS, this paper proposes an intrusion detection method based on wavelet kernel LS-SVM (Least Square-SVM). LS-SVM is an evolution of classical SVM that finds the solution by solving a set of linear equations instead of the convex quadratic programming (QP) problem of classical SVM. The wavelet kernel function is approximately orthogonal and supports multi-scale analysis, and thus has better classification generalization ability. Experiments on KDD CUP1999 showed that our method could raise detection accuracy and decrease the false alarm rate.

intrusion detection; support vector machine; wavelet kernel

YANG Guang

School of Communication and Information Engineering, Xian University of Posts and Telecommunications, Xian, China

International conference

2011 International Conference on Communication and Electronics Information (ICCEI 2011)

Haikou

English

97-100

2011-02-22 (date first made available online on the Wanfang platform; this is not the paper's publication date)