An Enhanced Support Vector Machine Model for Intrusion Detection

Yao, JingTao; Zhao, Songlun; Fan, Lisa

doi:10.1007/11795131_78

Cited by 44 publications

(24 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The final training/test phase is concerned with the development and evaluation on a test set of the final RF model that is created based on the optimal hyper-parameters set found so far from the model selection phase [26]. After getting the parameters of RF with 41 features and selected 25 features as described in section 5 and 6 respectively, we build the model by using the whole train dataset (KDD99Train+) for the RF classifier and finally, we test the model by using the test dataset (KDD99Test+).…”

Section: Resultsmentioning

confidence: 99%

Feature Selection for Intrusion Detection Using Random Forest

Hasan¹,

Nasser²,

Ahmad³

et al. 2016

JIS

113

View full text Add to dashboard Cite

An intrusion detection system collects and analyzes information from different areas within a computer or a network to identify possible security threats that include threats from both outside as well as inside of the organization. It deals with large amount of data, which contains various irrelevant and redundant features and results in increased processing time and low detection rate. Therefore, feature selection should be treated as an indispensable pre-processing step to improve the overall system performance significantly while mining on huge datasets. In this context, in this paper, we focus on a two-step approach of feature selection based on Random Forest. The first step selects the features with higher variable importance score and guides the initialization of search process for the second step whose outputs the final feature subset for classification and interpretation. The effectiveness of this algorithm is demonstrated on KDD'99 intrusion detection datasets, which are based on DARPA 98 dataset, provides labeled data for researchers working in the field of intrusion detection. The important deficiency in the KDD'99 data set is the huge number of redundant records as observed earlier. Therefore, we have derived a data set RRE-KDD by eliminating redundant record from KDD'99 train and test dataset, so the classifiers and feature selection method will not be biased towards more frequent records. This RRE-KDD consists of both KDD99Train+ and KDD99Test+ dataset for training and testing purposes, respectively. The experimental results show that the Random Forest based proposed approach can select most important and relevant features useful for classification, which, in turn, reduces not only the number of input features and time but also increases the classification accuracy. Keywords 130

show abstract

Section: Resultsmentioning

confidence: 99%

Feature Selection for Intrusion Detection Using Random Forest

Hasan¹,

Nasser²,

Ahmad³

et al. 2016

JIS

113

View full text Add to dashboard Cite

show abstract

“…This is because FIN can self-adapt (optimize) its training parameters (window size, DTT level, dimension of FIN) utilizing such features as index of inseparability and fast training time. At the same time, successful applications of SVM (like those reported in [43] and [44]) are based essentially on a choice and/or enhancement of a suitable kernel function. Moreover, SVM usually needs a row of preliminary tricks with rough data.…”

Section: Discussionmentioning

confidence: 98%

“…Moreover, SVM usually needs a row of preliminary tricks with rough data. For example, an enhanced SVM for intrusion detection in [44] needs at least four steps to adopt KDD data [39]: (1) consider only binary classification, (2) filter the ''redundant'' intrusion records, (3) perform feature ranking and (4) delete the ''unimportant'' features. Note that FIN is free of similar steps and is applied directly to the same KDD data [45].…”

Section: Discussionmentioning

confidence: 99%

Immunocomputing for intelligent signal processing

Tarakanov

2010

Neural Comput & Applic

View full text Add to dashboard Cite

Based on immunocomputing (IC), this paper describes an approach to intelligent signal processing. The approach includes both low-level feature extraction and high-level (intelligent) pattern recognition. The key model is the formal immune network (FIN), which includes apoptosis (programmed cell death) and immunization and controls them by cytokines (messenger proteins). Such FIN can be formed from the signal or combination of signals using discrete tree transform, singular value decomposition and the proposed index of inseparability as a measure of quality of FIN. Several comparisons with neural computing and support vector machines suggest that IC may outperform state of the art approaches to intelligent signal processing.

show abstract

“…From the study of measuring the performance of detecting intrusions among NB, rTree, and rForest, they identified that rForest is superior to others with maintaining low false alarm rate. Interestingly, many researchers used SVM to conduct intrusion detection analysis [43][44][45][46][47] because it is good for classifying data by finding a hyperplane that maximizes the margin among all intrusion classes. It simply classifies the input data by a set of support vectors representing data patterns.…”

Section: Classification Algorithmsmentioning

confidence: 99%

A survey of cloud-based network intrusion detection analysis

Keegan

Chaudhary

et al. 2016

Hum. Cent. Comput. Inf. Sci.

View full text Add to dashboard Cite

As network traffic grows and attacks become more prevalent and complex, we must find creative new ways to enhance intrusion detection systems (IDSes). Recently, researchers have begun to harness both machine learning and cloud computing technology to better identify threats and speed up computation times. This paper explores current research at the intersection of these two fields by examining cloud-based network intrusion detection approaches that utilize machine learning algorithms (MLAs). Specifically, we consider clustering and classification MLAs, their applicability to modern intrusion detection, and feature selection algorithms, in order to underline prominent implementations from recent research. We offer a current overview of this growing body of research, highlighting successes, challenges, and future directions for MLA-usage in cloud-based network intrusion detection approaches.

show abstract

An Enhanced Support Vector Machine Model for Intrusion Detection

Cited by 44 publications

References 13 publications

Feature Selection for Intrusion Detection Using Random Forest

Feature Selection for Intrusion Detection Using Random Forest

Immunocomputing for intelligent signal processing

A survey of cloud-based network intrusion detection analysis

Contact Info

Product

Resources

About