
A distance sum-based hybrid method for intrusion detection

Published in Applied Intelligence

Abstract

Intrusion detection systems based on a hybrid approach have attracted considerable interest from researchers. Hybrid classifiers can improve detection accuracy, but they usually have a complex structure and high computational cost. In this research, we propose a new and easy-to-implement hybrid learning method, named distance sum-based support vector machine (DSSVM), which can be used as an effective intrusion detection model. In DSSVM, we introduce the distance sum, a measure of the correlation between each data sample and the cluster centers. For a data set represented by n-dimensional feature vectors, each distance sum of a data sample is obtained from the distances between that sample and k−1 of the k cluster centers found by a clustering algorithm. A new data set whose features are these distance sums is formed and used to train a support vector machine classifier. Applying DSSVM to the KDD’99 data set, our experimental results show that the proposed hybrid method performs well in both detection performance and computational cost, which suggests it is a competitive candidate for intrusion detection. In addition, we use six further data sets with different numbers of features, classes, and data samples to validate the effectiveness of our method on other pattern recognition problems.
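The abstract describes a three-step pipeline: cluster the training data, replace each sample's n raw features with k distance sums computed against the cluster centers, and train an SVM on the new representation. The Python below is an added illustration of that pipeline and is not the authors' code. Several details are assumptions made for the example rather than facts from the paper: the distance sum is read as DS_i(x) = Σ_{j≠i} ‖x − c_j‖ (one feature per center, leaving that center out); k-means is seeded farthest-first so the run is reproducible; a hinge-loss subgradient solver stands in for a real SVM library; and the "traffic" is three constructed 2-D Gaussian blobs (one normal, two attack types), not KDD'99 records.

```python
# Added example (not the authors' code): a toy DSSVM pipeline in pure Python.
# Assumptions: DS_i(x) = sum of distances from x to every cluster centre except
# c_i (one feature per centre); farthest-first k-means seeding for determinism;
# a hinge-loss subgradient solver standing in for a real SVM library; and
# constructed 2-D "connection" data with one normal and two attack clusters.
import math
import random


def euclid(a, b):
    """Euclidean distance between two equal-length feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=50):
    """Lloyd's k-means; seeds are chosen farthest-first so runs are reproducible."""
    centers = [list(points[0])]
    while len(centers) < k:
        far = max(points, key=lambda p: min(euclid(p, c) for c in centers))
        centers.append(list(far))
    dim = len(points[0])
    for _ in range(iters):
        buckets = [[] for _ in range(k)]
        for p in points:
            buckets[min(range(k), key=lambda i: euclid(p, centers[i]))].append(p)
        new = [[sum(p[d] for p in b) / len(b) for d in range(dim)] if b else c
               for b, c in zip(buckets, centers)]
        if new == centers:      # converged
            break
        centers = new
    return centers


def distance_sums(x, centers):
    """Distance-sum features: DS_i = sum_{j != i} ||x - c_j|| (assumed definition)."""
    d = [euclid(x, c) for c in centers]
    total = sum(d)
    return [total - di for di in d]


def standardize(rows):
    """Z-score every column; margin-based training is sensitive to feature scale."""
    cols = list(zip(*rows))
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
          for c, m in zip(cols, mu)]
    return [[(v - m) / s for v, m, s in zip(r, mu, sd)] for r in rows]


def train_linear_svm(X, y, lam=0.01, lr=0.1, epochs=200):
    """Soft-margin linear SVM by batch subgradient descent on the hinge loss.

    Labels are +1/-1. A production system would call a real solver (e.g. LIBSVM);
    this keeps the example dependency-free.
    """
    n, m = len(X), len(X[0])
    w, b = [0.0] * m, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wj for wj in w], 0.0       # L2 regulariser gradient
        for xi, yi in zip(X, y):
            if yi * (sum(wj * xj for wj, xj in zip(w, xi)) + b) < 1.0:
                gw = [g - yi * xj / n for g, xj in zip(gw, xi)]  # hinge subgradient
                gb -= yi / n
        w = [wj - lr * g for wj, g in zip(w, gw)]
        b -= lr * gb
    return w, b


def predict(w, b, x):
    """Sign of the decision function: +1 normal, -1 attack."""
    return 1 if sum(wj * xj for wj, xj in zip(w, x)) + b >= 0 else -1


def run_demo(k=3, seed=1):
    """End-to-end run on constructed data; returns centres and training accuracy."""
    rng = random.Random(seed)

    def blob(cx, cy, n, sd=0.3):
        return [[rng.gauss(cx, sd), rng.gauss(cy, sd)] for _ in range(n)]

    normal, atk_a, atk_b = blob(1, 1, 20), blob(5, 5, 20), blob(1, 6, 20)
    points = normal + atk_a + atk_b
    labels = [1] * 20 + [-1] * 40                 # +1 normal, -1 attack
    centers = kmeans(points, k)                   # step 1: cluster centres
    feats = standardize([distance_sums(p, centers) for p in points])  # step 2
    w, b = train_linear_svm(feats, labels)        # step 3: SVM on DS features
    hits = sum(predict(w, b, f) == yi for f, yi in zip(feats, labels))
    return {"centers": centers, "train_accuracy": hits / len(points)}


if __name__ == "__main__":
    print(run_demo())
```

Two points worth noting when reading the example against the abstract. First, under the leave-one-out definition the distance sums are an invertible linear map of the raw distance vector (d_i = Σ_j DS_j / (k−1) − DS_i), so a linear SVM on distance sums can separate exactly what it could separate on the k raw distances; the computational saving comes from compressing n original features to k, not from extra expressive power, and a nonlinear kernel would change that picture. Second, the toy reports training accuracy only; any real evaluation must use held-out data, and results on KDD'99 in particular should be read with the well-documented caveats about that data set (large numbers of duplicate records and an attack mix that does not reflect operational traffic) in mind.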



Acknowledgements

The authors would like to thank the anonymous reviewers for their constructive comments and suggestions. This work was supported by the National Natural Science Foundation of China under Grant 60972077, the National Science and Technology Key Project under Grant 2010ZX03003-003-01, the National Key Technology R&D Program (2012BAH06B00), the Science and Technology on Electronic Control Laboratory, the Foundation of He’nan Educational Committee under Grant Nos. 3A413750 and 13A413747, and the Natural Science Foundation of He’nan Province of China under Grant No. 132300410393.

Author information

Correspondence to Chun Guo.

Cite this article

Guo, C., Zhou, Y., Ping, Y. et al. A distance sum-based hybrid method for intrusion detection. Appl Intell 40, 178–188 (2014). https://doi.org/10.1007/s10489-013-0452-6
