An Anomaly Detection Model Based on One-Class SVM to Detect Network Intrusions

Intrusion detection occupies a decision position in solving the network security problems. Support Vector Machines (SVMs) are one of the widely used intrusion detection techniques. However, the commonly used two-class SVM algorithms are facing difficulties of constructing the training dataset. That is because in many real application scenarios, normal connection records are easy to be obtained, but attack records are not so. We propose an anomaly detection model based on One-class SVM to detect network intrusions. The one-class SVM adopts only normal network connection records as the training dataset. But after being trained, it is able to recognize normal from various attacks. This just meets the requirements of the anomaly detection. Experimental results on KDDCUP99 dataset show that compared to Probabilistic Neural Network (PNN) and C-SVM, our anomaly detection model based on One-class SVM achieves higher detection rates and yields average better performance in terms of precision, recall and F-value.