Progress of Machine Learning in the Field of Intrusion Detection Systems

The Evolution of Vector Machine Support in the Field of Intrusion Detection Systems

Machine Learning Techniques and Data Science, 2021

With the increase in Internet and local area network usage, malicious attacks and intrusions into computer systems are growing. The design and implementation of intrusion detection systems became extremely important to help maintain good network security. Support vector machines (SVM), a classic pattern recognition tool, have been widely used in intrusion detection. They make it possible to process very large data with great efficiency, are easy to use, and exhibit good prediction behavior. This paper presents a new SVM model enriched with a Gaussian kernel function based on the features of the training data for intrusion detection. The new model is tested with the CICIDS2017 dataset. The test proves better results in terms of detection efficiency and false alarm rate, which can give better coverage and make the detection more effective.

Support Vector Machine for Network Intrusion and Cyber-Attack Detection

2017 Sensor Signal Processing for Defence Conference (SSPD), 2017

Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide an extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising non-homogeneous features.

A Comprehensive Survey on Support Vector Machines for Intrusion Detection System

International Journal of Knowledge Based Computer Systems, 2022

Machine learning is a widely interdisciplinary field centered on theories from cognitive science, computer science, statistics, optimization and many other theoretical and mathematical disciplines. Classification is a supervised learning technique used in machine learning to evaluate a given dataset and to create a model that divides data into a desired and distinct number of groups. The strength of SVMs lies in their use of nonlinear kernel features that map input into high-dimensional spaces of features implicitly. We address the value of SVMs in this survey article and discuss their tuning parameters as well. The main purpose of this paper is to include detailed studies on SVM implementations by contrasting the current ML models with the SVM versions. It also poses the problems of the intrusion detection method of support vector machines and provides researchers with a summary of the SVM that assists in their future analysis.

On the KDD’99 Dataset: Support Vector Machine Based Intrusion Detection System (IDS) with Different Kernels

The success of any Intrusion Detection System (IDS) is a complicated problem due to its nonlinearity and the quantitative or qualitative network traffic data stream with many features. To get rid of this problem, several types of intrusion detection methods have been proposed and shown different levels of accuracy. This is why the choice of an effective and robust method for IDS is a very important topic in information security. Support vector machine (SVM) has been employed to provide potential solutions for the IDS problem. However, the practicability of SVM is affected due to the difficulty of selecting an appropriate kernel and its parameters. Thus, this paper aims to use different kernels on the KDD’99 Dataset and find out which is best for an SVM-based intrusion detection system. In this work, we have developed a new data set, KDD99Train+ and KDD99Test+, which does not include any redundant records in the train set as well as in the test set, which was an inherent problem of the KDD’99 dataset, so the classifiers will not be biased towards more frequent records. The experimental results indicate that the RBF kernel can achieve a higher detection rate than other kernels like linear and polynomial kernels in the same time. The RBF kernel also shows a lower false negative rate than the polynomial kernel.

Machine Learning for Network Intrusion Detection Based on SVM Binary Classification Model

2020

Article history: Received: 23 June, 2020; Accepted: 20 July, 2020; Online: 25 August, 2020

Recently, the number of connected machines around the world has become very large, generating a huge amount of data either to be stored or to be communicated. Data protection is a concern for all institutions; it is difficult to manage the masses of data that are susceptible to multiple threats. In this work, we present a novel method of Intrusion Detection System (IDS) based on the detection of anomalies in computer networks. The aim is to use artificial intelligence techniques in the form of Machine Learning (ML) for intrusion detection. For this purpose, we have proposed a Support Vector Machine (SVM) classification model with two kernels, one Polynomial and the other Gaussian. This model is trained and tested with the recent UNSW-NB15 dataset. Regarding the results obtained, we have evaluated our model with six metrics capable of offering all potent...

Using Support Vector Machines in Anomaly Intrusion Detection

2015

Eric M Nyakundi, University of Guelph, 2015. Advisor: Dr. Charlie Obimbo.

The recent increase in hacks and computer network attacks around the world, including Sony Pictures (2014), Home Depot (2014), and Target (2014), gives a compelling need to develop better Intrusion Detection and Prevention systems. Network intrusions have become larger and more pervasive in nature. However, most anomaly intrusion detection systems are plagued by a large number of false positives, thus limiting their use. In this thesis, as a contribution to building better Intrusion Detection Systems, we classify intrusions using Support Vector Machines and perform experiments to determine their performance and compare them to other classifiers, e.g. naïve Bayes and multilayer perceptrons, on the network intrusion detection classification task. The classifiers are evaluated on the ISCX2012 dataset. The proposed Support Vector Machine classifier achieves 99.1% average ...

A novel intrusion detection method based on support vector machines

2010 11th International Symposium on Computational Intelligence and Informatics (CINTI), 2010

Security of computers and the networks that connect them is increasingly becoming of great significance. As an effect, building effective intrusion detection models with good accuracy and real-time performance is essential. In this paper we propose a new data mining based technique for intrusion detection using Cost-sensitive classification and Support Vector Machines. We introduced an algorithm that improves the classification for Support Vector Machines, by multiplying in the training step the instances of the underrepresented classes. We have discovered that by oversampling the instances of the anomaly, we are helping the Support Vector Machine algorithm to overcome the soft margin. As an effect, it classifies better future instances of this class of interest.

A SURVEY ON INTRUSION DETECTION SYSTEM BASED SUPPORT VECTOR MACHINE ALGORITHM

Whenever an intrusion occurs, the security and value of a computer system is compromised. Network-based attacks make it difficult for legitimate users to access various network services by purposely occupying or sabotaging network resources and services. This can be done by sending large amounts of network traffic, exploiting well-known faults in networking services, and by overloading network hosts. Intrusion Detection attempts to detect computer attacks by examining various data records observed in processes on the network and it is split into two groups, anomaly detection systems and misuse detection systems. Anomaly detection is an attempt to search for malicious behaviour that deviates from established normal patterns. Misuse detection is used to identify intrusions that match known attack scenarios. Our interest here is in anomaly detection and our proposed method is a scalable solution for detecting network-based anomalies. We use Support Vector Machines (SVM) for classification. The SVM is one of the most successful classification algorithms in the data mining area, but its long training time limits its use. Support Vector Machines (SVM) are the classifiers which were originally designed for binary classification. The classification applications can solve multi-class problems. The construction order of binary tree has great influence on the classification performance. In this paper we are studying an algorithm.

Intrusion Detection System Using Data Mining Technique: Support Vector Machine

Security and privacy of a system are compromised when an intrusion happens. Intrusion Detection System (IDS) plays a vital role in network security as it detects various types of attacks in the network. So here, we are going to propose an Intrusion Detection System using a data mining technique: SVM (Support Vector Machine). Here, classification will be done by using SVM, and verification regarding the effectiveness of the proposed system will be done by conducting some experiments using the NSL-KDD Cup'99 dataset, which is an improved version of the KDD Cup'99 data set. The SVM is one of the most prominent classification algorithms in the data mining area, but its drawback is its extensive training time. In this proposed system, we have carried out some experiments using the NSL-KDD Cup'99 data set. The experimental results show that we can reduce the extensive time required to build the SVM model by performing proper data set pre-processing. Also, when we do proper selection of the SVM kernel function, such as the Gaussian Radial Basis Function, the attack detection rate of SVM is increased and the False Positive Rate (FPR) is decreased.

An Effective Intrusion Detection Framework Based on Support Vector Machine Using NSL-KDD Dataset

2017

Intrusion Detection System (IDS) has become necessary for the security and privacy of a system, and it takes a major role in network security because of its detection capacity to various types of attacks in the network domain. Recently, Support Vector Machines (SVM) have been applied to provide useful solutions for intrusion detection systems. With its many variants for classification, SVM is a state-of-the-art machine learning algorithm and its performance depends on selection of the appropriate parameters. In this paper, we propose a model based on linear and nonlinear kernel SVMs using the NSL-KDD dataset. The parameters for SVM are described in the tabular manner. Then by using the NSL-KDD dataset, our model gives the best result i.e., 100% for accuracy (Both Quadratic and Cubic SVMs).