Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/26536

Title: Support vector machine for network intrusion and cyber-attack detection
Authors: Ghanem, Kinan
Aparicio-Navarro, Francisco J.
Kyriakopoulos, Konstantinos G.
Lambotharan, Sangarapillai
Chambers, Jonathon
Keywords: Classification algorithms
Cyber security
Intrusion detection systems
Machine learning techniques
Network security
Support vector machine
SVM
Issue Date: 2017
Publisher: IEEE
Citation: GHANEM, K. ...et al., 2017. Support vector machine for network intrusion and cyber-attack detection. Presented at the Sensor Signal Processing for Defence (SSPD2017), London, 6-7th December.
Abstract: Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising of non-homogeneous features.
Description: This paper is in closed access until it is published.
Sponsor: This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing.
Version: Accepted for publication
URI: https://dspace.lboro.ac.uk/2134/26536
Publisher Link: http://ieeexplore.ieee.org/Xplore/home.jsp
Appears in Collections:Closed Access (Mechanical, Electrical and Manufacturing Engineering)

Files associated with this item:

File Description SizeFormat
Support Vector Machine for Network Intrusion and Cyber-Attack Detection.pdfAccepted version537.29 kBAdobe PDFView/Open

 

SFX Query

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.