Less is More:Data Processing with SVM for Intrusion Detection

作     者：肖海军 洪帆 王玲 

作者机构：School of Mathematics and PhysicsChina University of Geosciences School of Computer Science and TechnologyHuazhong University of Science and Technology Business SchoolWuhan Institute of Technology 

出 版 物：《Journal of Southwest Jiaotong University(English Edition)》 (西南交通大学学报（英文版）)

年 卷 期：2009年第17卷第1期

页      面：9-15页

学科分类：0839[工学-网络空间安全] 08[工学] 

基　　金：The National Natural Science Foundation ofChina (No.60672049) 

主　　题：Support vector machine Data processing Attribute selection Similarity 

摘      要：To improve the detection rate and lower down the false positive rate in intrusion detection system, dimensionality reduction is widely used in the intrusion detection system. For this purpose, a data processing （DP） with support vector machine （SVM） was built. Different from traditiona/ly identifying the redundant data before purging the audit data by expert knowledge or utilizing different kinds of subsets of the available 41-connection attributes to build a classifier, the proposed strategy first removes the attributes whose correlation with another attribute exceeds a threshold, and then classifies two sequence samples as one class while removing either of the two samples whose similarity exceeds a threshold. The results of performance experiments showed that the strategy of DP and SVM is superior to the other existing data reduction strategies （ e. g. , audit reduction, rule extraction, and feature selection）, and that the detection model based on DP and SVM outperforms those based on data mining, soft computing, and hierarchical principal component analysis neural networks.