A Novel Kernel SVM Algorithm with Game Theory for Network Intrusion Detection

  • Liu, Yufei (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics)
  • Pi, Dechang (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics)
  • Received : 2016.11.27
  • Accepted : 2017.04.28
  • Published : 2017.08.31

Abstract

Network Intrusion Detection (NID), an important topic in the field of information security, can be viewed as a pattern recognition problem. Existing pattern recognition methods perform well when the number of training samples is large enough. However, modern network attacks are diverse and constantly updated, so the training samples available are much smaller in number. Furthermore, to improve the learning ability of SVM, research on kernel functions mainly focuses on their selection, construction and improvement. Nonetheless, in practice, there is no theory that perfectly solves the problem of constructing kernel functions. In this paper, we integrate the advantages of the radial basis function kernel and the polynomial kernel using the notion of game theory and propose a novel kernel SVM algorithm with game theory for NID, called GTNID-SVM. The basic idea is to exploit game theory in NID to obtain an SVM classifier with better learning ability and generalization performance. To the best of our knowledge, GTNID-SVM is the first algorithm that studies an ensemble kernel function with game theory in NID. We conduct empirical studies on the DARPA dataset, and the results demonstrate that the proposed approach is feasible and more effective.

Cited by

  1. Intrusion detection system based on improved abc algorithm with tabu search vol.14, pp.11, 2017, https://doi.org/10.1002/tee.22987
  2. A Review of Intrusion Detection Systems Using Machine and Deep Learning in Internet of Things: Challenges, Solutions and Future Directions vol.9, pp.7, 2017, https://doi.org/10.3390/electronics9071177
  3. Classifier Performance Evaluation for Lightweight IDS Using Fog Computing in IoT Security vol.10, pp.14, 2021, https://doi.org/10.3390/electronics10141633