A Cascading Intrusion Detection Framework Using OCSVM and SSVM

• Main Authors: Lin-Kuei Yang, 楊琳貴
• Other Authors: Yuh-Jye Lee
• Format: Others
• Language: en_US
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/88843230264429602307

碩士 === 國立臺灣科技大學 === 資訊工程系 === 93 === Information system assurance is one of the most concerned issues by researches, government organizations and many commercial firms. In order to assure the integrity of computer systems, more and more defense techniques are being brought out such as firewall, anti-virus software, intrusion detection system, etc. Intrusion detection system is a novel defense technique which can determine if a computer network or server has experienced an unauthorized intrusion. In this thesis, we proposed a cascading intrusion detection framework in which we use one class support vector machine (OCSVM) and smooth support vector machine (SSVM) as the core techniques. Generally, OCSVM is used to capture normal behavior in anomaly intrusion detection. Here we exploit OCSVM to profile normal behavior as well as all kinds of intrusion activities respectively. Due to the success of support vector machines in the applications of binary classification, we apply a variant version of support vector machines, SSVM, to discriminate between normal and intrusive activities. We combine OCSVM with SSVM to constitute a sophisticated structure to detect intrusions efficiently. In order to deal with the massive dataset in our training process, chunking technique is introduced in this thesis. By testing our system on 1999 KDD contest dataset, our system performs better than 1999 KDD winner in either intrusion detection or intrusion diagnostic based on the 1999 KDD scoring measure. Besides, our system also has better prediction rates toward DoS and r2l connections than other well-known algorithms.