http://dx.doi.org/10.3837/tiis.2018.10.027

Using weighted Support Vector Machine to address the imbalanced classes problem of Intrusion Detection System  

Alabdallah, Alaeddin (Computer Engineering Dept., Faculty of E&IT, An-Najah National University)
Awad, Mohammed (Computer Systems Engineering Dept., Faculty of E&IT, Arab American University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.12, no.10, 2018, pp. 5143-5158
Abstract
Improving intrusion detection systems (IDS) is a pressing need in the cyber security world. With the growth of computer networks, new attacks appear daily. Machine Learning (ML) is one of the most important fields contributing to the solution of intrusion detection issues. One of these issues is the imbalance among the diverse classes of network traffic. The accuracy paradox is a result of training an ML algorithm with imbalanced classes. Most previous efforts concern improving the overall accuracy of these models, which is truly important. However, even where they improved the total accuracy of the system, they fell into the accuracy paradox. The seriousness of the threat posed by the minor classes, and the pitfalls of previous efforts to address this issue, are the motive for this work. In this paper, we combined stratified sampling, a cost function and the weighted Support Vector Machine (WSVM) method to address the accuracy paradox of the ID problem. This model achieved good total accuracy and superior results on the small classes, such as the User-To-Remote and Remote-To-Local attacks, using NSL-KDD, the improved version of the benchmark dataset KDDCup99.
Keywords
Intrusion detection system; Weighted Support Vector Machine; Stratified sampling; Cost function; NSL-KDD