A hybrid method based on genetic algorithm, self-organised feature map, and support vector machine for better network anomaly detection

Anomaly-based network intrusion detection techniques are a valuable technology to shield our systems and networks against the malicious activities. Anomaly detection is done by soft margin Support Vector Machine(SVM), which classify the input into any one of the label (normal and anomalous) category with respect to its anomalous behavior. SVM gives much better classification, out of wide variety of class discrimination algorithms which deals with huge collection of data. Here genetic algorithm (GA) and self-organised feature map (SOFM) are used to enhance the feature and information extraction from a huge dataset similar to KDD99. GA gives us the most prominent features contributing to the anomalous behaviour of a connection and SOFM helps to identify similar groups from the dataset by using the similarity metric. These two machine learning algorithms help to reduce the volume of dataset and features to train SVM. The proposed framework GSS (GA-SOFM-SVM) has 10% increase in detection rate and 50% reduction in false positive and false negative rate compared to soft margin SVM.