ABSTRACT:
Intrusion detection is an important aspect of network security for organizations that rely on networks to run their daily operations. An intrusion detection system can operate as a misuse (signature-based) system or as an anomaly-based system. This work investigates the classification of network streams in order to detect anomalous intrusions in an intrusion detection system. Most of the literature has identified three open problems: the inability to reduce the number of false positives, the lack of standard evaluation metrics, and the time complexity of intrusion detection systems. This paper seeks to tackle the first two. An optimized support vector machine (SVM) model for intrusion detection is proposed and implemented. The benchmark datasets used in this study are the KDD-cup 99 dataset and the University of New Brunswick Intrusion Detection Evaluation dataset, sourced from the University of California Irvine and the Canadian Institute for Cybersecurity repositories respectively. The first and second datasets contain 41 and 28 attributes respectively. The linear, quadratic, cubic, fine-grained Gaussian, medium-grained Gaussian and coarse-grained Gaussian kernel types of the SVM model are evaluated experimentally. The work is implemented in MATLAB. The performance of the six SVM kernel types is evaluated on basic true positive and true negative rates, overall accuracy, sensitivity, specificity, precision, Matthews correlation coefficient and balanced classification rate. The evaluation results show that the quadratic and polynomial kernel types performed better than the rest across the evaluation metrics used. The area under the curve results of the proposed SVM model across the kernel types showed that the KDD-cup dataset is linearly separable.
Keywords: Anomaly Detection, Intrusion Detection System, Performance Evaluation, Support Vector Machine.
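The abstract names the metrics on which the six kernel types are compared but does not show how they are derived from a classifier's confusion matrix. The following is an added example, not code from the paper (which is implemented in MATLAB), written in Python with only the standard library. It computes true/false positive and negative counts, accuracy, sensitivity, specificity, precision, Matthews correlation coefficient (MCC) and balanced classification rate (BCR) from a constructed set of labels and predictions, and computes the area under the ROC curve from classifier scores by sweeping every distinct score as a threshold. The labels, predictions and scores are constructed for illustration; "attack" is taken as the positive class, and zero-count edge cases (e.g. a run with no predicted attacks) are handled by returning 0.0 rather than raising.

```python
"""Intrusion-detection evaluation metrics from a binary confusion matrix.

Added illustration (not the paper's MATLAB code). Positive class (1) = attack,
negative class (0) = normal traffic. All sample data below is constructed.
"""
from math import sqrt


def confusion_counts(y_true, y_pred):
    """Return (tp, tn, fp, fn) for binary labels where 1 = attack, 0 = normal."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)  # false alarm
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)  # missed attack
    return tp, tn, fp, fn


def _safe_div(num, den):
    """Division that yields 0.0 when the denominator is zero (degenerate runs)."""
    return num / den if den else 0.0


def evaluation_metrics(y_true, y_pred):
    """Compute the metrics listed in the abstract from the confusion counts."""
    tp, tn, fp, fn = confusion_counts(y_true, y_pred)
    sensitivity = _safe_div(tp, tp + fn)          # true positive rate / recall
    specificity = _safe_div(tn, tn + fp)          # true negative rate
    precision = _safe_div(tp, tp + fp)            # share of alerts that were real
    accuracy = _safe_div(tp + tn, tp + tn + fp + fn)
    # MCC is robust to class imbalance, which matters because attack records
    # are usually a small minority of network traffic.
    mcc_den = sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    mcc = _safe_div(tp * tn - fp * fn, mcc_den)
    # BCR averages the two class-wise rates, so a detector that labels
    # everything "normal" scores 0.5 instead of a misleadingly high accuracy.
    bcr = (sensitivity + specificity) / 2
    return {
        "tp": tp, "tn": tn, "fp": fp, "fn": fn,
        "accuracy": accuracy, "sensitivity": sensitivity,
        "specificity": specificity, "precision": precision,
        "mcc": mcc, "bcr": bcr,
    }


def roc_auc(y_true, scores):
    """Area under the ROC curve via the trapezoidal rule.

    Each distinct score is used once as a decision threshold (score >= threshold
    means 'attack'); the resulting (FPR, TPR) points trace the ROC curve.
    """
    pos = sum(1 for t in y_true if t == 1)
    neg = len(y_true) - pos
    points = [(0.0, 0.0)]
    for threshold in sorted(set(scores), reverse=True):
        pred = [1 if s >= threshold else 0 for s in scores]
        tp, _, fp, _ = confusion_counts(y_true, pred)
        points.append((_safe_div(fp, neg), _safe_div(tp, pos)))
    points.append((1.0, 1.0))
    area = 0.0
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        area += (x1 - x0) * (y0 + y1) / 2
    return area


# Constructed sample: 4 attack flows followed by 6 normal flows.
Y_TRUE = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
# A hypothetical classifier misses one attack and raises one false alarm.
Y_PRED = [1, 1, 1, 0, 0, 0, 0, 0, 1, 0]
# Hypothetical decision scores from the same classifier (higher = more attack-like).
SCORES = [0.9, 0.8, 0.7, 0.4, 0.1, 0.2, 0.3, 0.35, 0.6, 0.05]


def run_demo():
    """Evaluate the constructed sample and return the metrics plus AUC."""
    result = evaluation_metrics(Y_TRUE, Y_PRED)
    result["auc"] = roc_auc(Y_TRUE, SCORES)
    return result


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:>12}: {value:.4f}" if isinstance(value, float) else f"{name:>12}: {value}")
```

On the constructed sample the detector reaches 0.8 accuracy but only 0.5833 MCC and 0.7917 BCR, which is the gap the abstract's choice of imbalance-aware metrics is meant to expose. An AUC of exactly 1.0 would mean some threshold on the scores separates every attack from every normal record; on the abstract's data the linear kernel reaching that point is what supports the claim that the KDD-cup dataset is linearly separable.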