Intrusion Detection System Based on Cost Based Support Vector Machine

Abstract

In this paper, a novel intrusion detection system (IDS) is developed using a cost based support vector machine (SVM). While developing an IDS, due to the imbalanced characteristics it is very difficult to differentiate the attack events from a non-attack (normal) event in any network environment. The cost based SVM facilitates to put much weight to one pattern over another ones to differentiate attack and non-attack cases with a high accuracy. The same can be applied on a multiclass attack problems by using cost factor to each ratio of different types of attacks. In this study, the cost based SVM has been applied to classify DARPA99 intrusion detection dataset. The experimental results show that the cost based SVM can outperform standard SVM while attempting to differentiate a case as either attack or non-attack (normal). Furthermore, we applied the cost based SVM with an RBF kernel to a multiclass attack problem. Experimental result achieved about 99 % detection accuracy when it was applied to detect the type of attacks as either of Normal, DOS, Probe and R2L from DARPA99 dataset.