A cooperative Network Intrusion Detection based on SVMs

SVM is not as favored for large-scale data training as for Network Intrusion Detection because the training complexity of SVM is highly dependent on the size of training sample set. And the network information includes a large number of noise data that impact on constructing the boundary (separating hyperplane) of SVM. Some redundant sample points and noisy points are firstly removed in this paper according to the distance in high-dimensional feature space. And K-nearest neighbor algorithm guarantees sample points removed is the noise points. Then the remaining sample points provide an SVM with high quality samples that likely to carry most of the support vectors(SVs) such that they maximize the benefit of learning the SVM. Because different network protocols have different attributes, which must affect the detection effect. This paper proposes cooperative network intrusion detection based on SVMs. Three types of detecting agents are generated according to TCP, UDP and ICMP protocol. Finally, the result of simulations run on the data of KDDCUP 1999 shows there are a better detection effect with cooperative network intrusion detection based on multi SVMs.