An Adaptive Network Intrusion Detection Method Based on PCA and Support Vector Machines

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 3584)

Abstract

Network intrusion detection is an important technique in computer security. However, the performance of existing intrusion detection systems (IDSs) is unsatisfactory, since new attacks are constantly being developed and network traffic volumes are increasing rapidly. To improve the performance of IDSs in both accuracy and speed, this paper proposes a novel adaptive intrusion detection method based on principal component analysis (PCA) and support vector machines (SVMs). PCA is used to reduce the dimension of network data patterns significantly. Multi-class SVMs are then employed to construct classification models from the training data processed by PCA. Owing to the generalization ability of SVMs, the proposed method achieves good classification performance without tedious parameter tuning, and dimension reduction using PCA may improve accuracy further. The method is also superior to SVMs without PCA in training and detection speed. Experimental results on the KDD-Cup99 intrusion detection data illustrate the effectiveness of the proposed method.

Supported by the National Natural Science Foundation of China under Grants 60303012, 90104001, Specialized Research Fund for the Doctoral Program of Higher Education under Grant 20049998027, and Chinese Post-Doctor Science Foundation under Grant 200403500202.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xu, X., Wang, X. (2005). An Adaptive Network Intrusion Detection Method Based on PCA and Support Vector Machines. In: Li, X., Wang, S., Dong, Z.Y. (eds) Advanced Data Mining and Applications. ADMA 2005. Lecture Notes in Computer Science, vol 3584. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11527503_82

  • DOI: https://doi.org/10.1007/11527503_82

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-27894-8

  • Online ISBN: 978-3-540-31877-4

  • eBook Packages: Computer Science, Computer Science (R0)