Research Article
An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy
@INPROCEEDINGS{10.1007/978-3-319-28910-6_24,
  author={Ming Zhang and Boyi Xu and Dongxia Wang},
  title={An Anomaly Detection Model for Network Intrusions Using One-Class SVM and Scaling Strategy},
  proceedings={Collaborative Computing: Networking, Applications, and Worksharing. 11th International Conference, CollaborateCom 2015, Wuhan, November 10-11, 2015, China. Proceedings},
  proceedings_a={COLLABORATECOM},
  year={2016},
  month={2},
  keywords={Intrusion detection Anomaly detection One-class SVM Scaling strategy},
  doi={10.1007/978-3-319-28910-6_24}
}
- Ming Zhang
- Boyi Xu
- Dongxia Wang
Year: 2016
COLLABORATECOM
Springer
DOI: 10.1007/978-3-319-28910-6_24
Abstract
Intrusion detection is an effective countermeasure against network security problems. Support Vector Machine (SVM) is one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms face difficulties in constructing the training dataset. That is because in many real application scenarios, normal connection records are easy to obtain, but attack records are not. We propose an anomaly detection model for network intrusions using one-class SVM and a scaling strategy. The one-class SVM uses only normal network connection records as the training dataset. The scaling strategy guarantees that the variability of feature values reflects their importance, thus improving the detection accuracy significantly. Experimental results on the KDDCUP99 dataset show that, compared to Probabilistic Neural Network (PNN) and C-SVM, our one-class SVM based model achieves higher detection rates and yields better average performance in terms of precision, recall and F-value.