Abstract

As an important part of network security research, intrusion detection has attracted particular attention from scholars at home and abroad. This paper adopts PSO-based SVM network intrusion detection, in which PSO is applied to optimize the parameters of the SVM. Multi-classification is carried out with one versus one (OVO). Experiments on a standard intrusion detection data set show that the PSO-based SVM method proposed in this paper is better than the classical SVM method. Therefore, PSO-SVM is very suitable for network intrusion detection.

Introduction

With the development of computers and the internet, networks have been widely applied and their security has attracted people's attention. By examining relevant audit data, such as system logs or system data, intrusion detection decides whether there are any strategies or methods that threaten the security of the network. Intrusion detection classifies the relevant data, finding out which data is normal and which is abnormal.

Anomaly detection is an intrusion detection technique that measures the deviation of the present situation from the normal situation, based on observations made in the normal situation, and then detects intrusions by analyzing the deviation between system or user behavior and normal behavior. Anomaly detection can discover new intrusion methods and users' misbehavior. The detection methods include neural networks, fuzzy set theory, genetic algorithms, and immune theory. But methods such as neural networks have low accuracy in network intrusion detection. Support Vector Machines (SVM) were proposed to avoid these disadvantages [1]. Based on statistical learning theory and structural risk minimization, SVM is a new kind of learning machine that solves the problems of local extrema and overfitting.
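The approach summarized in the abstract (PSO searching the SVM parameters, with one-versus-one multi-classification), sketched as an added example that is not the paper's own code. It assumes scikit-learn, an RBF kernel, a search over C and gamma on a log10 scale, cross-validated accuracy as the fitness, and constructed three-class data in place of KDD CUP99; all function names are hypothetical.

```python
import random

def pso_maximize(fitness, bounds, n_particles=8, n_iter=10,
                 w=0.7, c1=1.5, c2=1.5, seed=0):
    """Global-best PSO over a box; returns (best_position, best_fitness)."""
    rng = random.Random(seed)
    pos = [[rng.uniform(lo, hi) for lo, hi in bounds] for _ in range(n_particles)]
    vel = [[0.0] * len(bounds) for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    pbest_fit = [fitness(p) for p in pos]
    g = max(range(n_particles), key=pbest_fit.__getitem__)
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    for _ in range(n_iter):
        for i in range(n_particles):
            for d, (lo, hi) in enumerate(bounds):
                r1, r2 = rng.random(), rng.random()
                # inertia + pull toward personal best + pull toward swarm best
                vel[i][d] = (w * vel[i][d]
                             + c1 * r1 * (pbest[i][d] - pos[i][d])
                             + c2 * r2 * (gbest[d] - pos[i][d]))
                pos[i][d] = min(hi, max(lo, pos[i][d] + vel[i][d]))  # stay in box
            f = fitness(pos[i])
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], f
                if f > gbest_fit:
                    gbest, gbest_fit = pos[i][:], f
    return gbest, gbest_fit

def svm_cv_fitness(X, y, folds=3):
    """Fitness of a particle p = (log10 C, log10 gamma): mean CV accuracy."""
    from sklearn.svm import SVC  # SVC handles multi-class with one-vs-one
    from sklearn.model_selection import cross_val_score
    def fitness(p):
        clf = SVC(kernel="rbf", C=10 ** p[0], gamma=10 ** p[1])
        return cross_val_score(clf, X, y, cv=folds).mean()
    return fitness

def demo():
    """Constructed 3-class data standing in for labelled connection records."""
    from sklearn.datasets import make_classification
    X, y = make_classification(n_samples=300, n_features=10, n_informative=6,
                               n_classes=3, random_state=0)
    # Assumed search box: C in [1e-2, 1e3], gamma in [1e-4, 1e1]
    return pso_maximize(svm_cv_fitness(X, y), bounds=[(-2, 3), (-4, 1)])

if __name__ == "__main__":
    (log_c, log_gamma), acc = demo()
    print(f"C={10 ** log_c:.3g} gamma={10 ** log_gamma:.3g} cv_accuracy={acc:.3f}")
```

Scoring particles on held-out folds rather than training accuracy keeps the swarm from converging on parameters that only memorize the training records.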
Despite a lack of prior knowledge, SVM can classify more accurately, so the whole intrusion detection system is better at detecting data. But traditional SVM has some innate defects, and some problems are difficult to solve, for example the choice of kernel function and the speed of detection. These are the main difficulties of SVM [2]. So, in this paper, various SVM parameters are optimized using the particle swarm algorithm. An SVM network intrusion detection model based on PSO is put forward, experiments have been conducted on the subset data_10_percent of the KDD CUP99 standard intrusion detection data set, and a good classification has been obtained.

International Conference on Applied Science and Engineering Innovation (ASEI 2015). © 2015. The authors. Published by Atlantis Press.

PSO-Based SVM Model

Support Vector Machines (SVM)

SVM is a machine learning method based on statistical learning theory. The generalization ability of the learning machine is achieved according to Vapnik's structural risk minimization principle. SVM developed from the optimal separating hyperplane for the linearly separable case. For the sample set $(x_i, y_i)$, $i = 1, 2, \ldots, n$, $y_i \in \{-1, +1\}$, if it meets the condition

$$y_i[(w \cdot x_i) + b] - 1 \geq 0 \qquad (1)$$

with class interval $2/\|w\|$, then the problem can be converted into its dual problem using the Lagrange optimization method, and the optimal function is as follows:
