http://dx.doi.org/10.3837/tiis.2017.08.016

A Novel Kernel SVM Algorithm with Game Theory for Network Intrusion Detection  

Liu, Yufei (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics)
Pi, Dechang (College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.11, no.8, 2017, pp. 4043-4060
Abstract
Network Intrusion Detection (NID), an important topic in the field of information security, can be viewed as a pattern recognition problem. Existing pattern recognition methods can achieve good performance when the number of training samples is large enough. However, modern network attacks are diverse and constantly updated, and the training samples are much smaller in number. Furthermore, to improve the learning ability of SVM, research on kernel functions mainly focuses on their selection, construction and improvement. Nonetheless, in practice, no theory perfectly solves the problem of constructing kernel functions. In this paper, we effectively integrate the advantages of the radial basis function kernel and the polynomial kernel on the basis of game theory and propose a novel kernel SVM algorithm with game theory for NID, called GTNID-SVM. The basic idea is to exploit game theory in NID to obtain an SVM classifier with better learning ability and generalization performance. To the best of our knowledge, GTNID-SVM is the first algorithm that studies an ensemble kernel function with game theory in NID. We conduct empirical studies on the DARPA dataset, and the results demonstrate that the proposed approach is feasible and more effective.
Keywords
Network intrusion detection; SVM; Kernel method; Game theory; Nash equilibrium