Abstract
Intrusion detection systems based on a hybrid approach have attracted considerable interest from researchers. Hybrid classifiers can provide improved detection accuracy, but they usually have a complex structure and high computational costs. In this research, we propose a new and easy-to-implement hybrid learning method, named distance sum-based support vector machine (DSSVM), which can be used as an effective intrusion detection model. In DSSVM, we introduce the distance sum, a correlation between each data sample and the cluster centers. For a data set represented by n-dimensional feature vectors, each distance sum of a data sample is obtained from the distances between that sample and k−1 of the k cluster centers found by a clustering algorithm. A new data set built from these distance-sum features is then used to train a support vector machine classifier. Applying DSSVM to the KDD’99 data set, our experimental results show that the proposed hybrid method performs well in both detection performance and computational cost, which suggests it is a competitive candidate for intrusion detection. In addition, we use six further databases with different numbers of features, classes, and data samples to validate the effectiveness of our method on other pattern recognition problems.
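As an added illustration, not code from the paper, the pipeline the abstract describes in Python: cluster the training data to obtain k centers, map every sample to its k distance-sum features, and return the transformed rows that would be handed to an SVM. The reading of "distance sum" used here (for each center, the summed distances to the other k−1 centers), the farthest-first seeding, and the toy samples are assumptions made for the example.

```python
import math


def euclid(a, b):
    """Euclidean distance between two n-dimensional feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def init_centers(data, k):
    """Deterministic farthest-first seeding (assumption: the paper does not
    prescribe how its clustering algorithm is initialised)."""
    centers = [list(data[0])]
    while len(centers) < k:
        far = max(data, key=lambda v: min(euclid(v, c) for c in centers))
        centers.append(list(far))
    return centers


def kmeans(data, k, iters=50):
    """Plain k-means; returns the k cluster centers."""
    centers = init_centers(data, k)
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for v in data:
            groups[min(range(k), key=lambda i: euclid(v, centers[i]))].append(v)
        new = [[sum(col) / len(g) for col in zip(*g)] if g else centers[i]
               for i, g in enumerate(groups)]
        if new == centers:  # assignments stable, means unchanged
            break
        centers = new
    return centers


def distance_sums(v, centers):
    """The k distance-sum features of one sample: entry i is the sum of the
    distances from v to the k-1 centers other than center i (assumed reading)."""
    d = [euclid(v, c) for c in centers]
    total = sum(d)
    return [total - d_i for d_i in d]


def transform(data, centers):
    """Map the whole data set into distance-sum space (the SVM's training input)."""
    return [distance_sums(v, centers) for v in data]


# Constructed toy data standing in for normalised connection features:
# three tight groups, e.g. normal traffic and two attack behaviours.
SAMPLES = [(0, 0), (0.1, 0), (0, 0.1),
           (10, 0), (10.1, 0), (10, 0.1),
           (0, 10), (0, 10.1), (0.1, 10)]


def build_features(k=3):
    centers = kmeans(SAMPLES, k)
    return centers, transform(SAMPLES, centers)
```

Each row of the returned feature list has k entries regardless of the original dimensionality n, which is the size reduction the SVM then trains on.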
Acknowledgements
The authors would like to thank the anonymous reviewers for their constructive comments and suggestions. This paper is supported by the National Natural Science Foundation of China under Grant 60972077, the National Science and Technology key project under Grant 2010ZX03003-003-01, National Key Technology R&D Program (2012BAH06B00), and Science and Technology on Electronic Control Laboratory, the Foundation of He’nan Educational Committee under Grant Nos. 3A413750, 13A413747, the Natural Science Foundation of He’nan Province of China under Grant No. 132300410393.
Cite this article
Guo, C., Zhou, Y., Ping, Y. et al. A distance sum-based hybrid method for intrusion detection. Appl Intell 40, 178–188 (2014). https://doi.org/10.1007/s10489-013-0452-6
DOI: https://doi.org/10.1007/s10489-013-0452-6