A novel intrusion detection system based on hierarchical clustering and support vector machines

This study proposed an SVM-based intrusion detection system, which combines a hierarchical clustering algorithm, a simple feature selection procedure, and the SVM technique. The hierarchical clustering algorithm provided the SVM with fewer, abstracted, and higher-qualified training instances that ar...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Expert systems with applications Ročník 38; číslo 1; s. 306 - 313
Hlavní autoři: Horng, Shi-Jinn, Su, Ming-Yang, Chen, Yuan-Hsin, Kao, Tzong-Wann, Chen, Rong-Jian, Lai, Jui-Lin, Perkasa, Citra Dwi
Médium: Journal Article
Jazyk:angličtina
Vydáno: Elsevier Ltd 01.01.2011
Témata:
Algorithms
Classification
Clustering
Data mining
Expert systems
Hierarchical clustering algorithm
Intrusion
KDD Cup 1999
Network intrusion detection system (NIDS)
Network security
Resultants
Support vector machines
Support vector machines (SVMs)
Training
Network security
Support vector machines (SVMs)
Network intrusion detection system (NIDS)
KDD Cup 1999
Data mining
Hierarchical clustering algorithm
ISSN:0957-4174, 1873-6793
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:This study proposed an SVM-based intrusion detection system, which combines a hierarchical clustering algorithm, a simple feature selection procedure, and the SVM technique. The hierarchical clustering algorithm provided the SVM with fewer, abstracted, and higher-qualified training instances that are derived from the KDD Cup 1999 training set. It was able to greatly shorten the training time, but also improve the performance of resultant SVM. The simple feature selection procedure was applied to eliminate unimportant features from the training set so the obtained SVM model could classify the network traffic data more accurately. The famous KDD Cup 1999 dataset was used to evaluate the proposed system. Compared with other intrusion detection systems that are based on the same dataset, this system showed better performance in the detection of DoS and Probe attacks, and the beset performance in overall accuracy.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2010.06.066