Support vector machine for network intrusion and cyber-attack detection

Ghanem, Kinan; Aparicio-Navarro, Francisco J.; Kyriakopoulos, Kostas; Lambotharan, Sangarapillai; Chambers, Jonathon

Support Vector Machine for Network Intrusion and Cyber-Attack Detection.pdf (537.29 kB)

Support vector machine for network intrusion and cyber-attack detection

conference contribution

posted on 2017-09-19, 09:12 authored by Kinan Ghanem, Francisco J. Aparicio-Navarro, Kostas KyriakopoulosKostas Kyriakopoulos, Sangarapillai LambotharanSangarapillai Lambotharan, Jonathon Chambers

Cyber-security threats are a growing concern in networked environments. The development of Intrusion Detection Systems (IDSs) is fundamental in order to provide extra level of security. We have developed an unsupervised anomaly-based IDS that uses statistical techniques to conduct the detection process. Despite providing many advantages, anomaly-based IDSs tend to generate a high number of false alarms. Machine Learning (ML) techniques have gained wide interest in tasks of intrusion detection. In this work, Support Vector Machine (SVM) is deemed as an ML technique that could complement the performance of our IDS, providing a second line of detection to reduce the number of false alarms, or as an alternative detection technique. We assess the performance of our IDS against one-class and two-class SVMs, using linear and non-linear forms. The results that we present show that linear two-class SVM generates highly accurate results, and the accuracy of the linear one-class SVM is very comparable, and it does not need training datasets associated with malicious data. Similarly, the results evidence that our IDS could benefit from the use of ML techniques to increase its accuracy when analysing datasets comprising of non-homogeneous features.

Funding

This work was supported by the Engineering and Physical Sciences Research Council (EPSRC) Grant number EP/K014307/2 and the MOD University Defence Research Collaboration in Signal Processing.

History

School

Mechanical, Electrical and Manufacturing Engineering

Published in

Sensor Signal Processing for Defence

Citation

GHANEM, K. ...et al., 2017. Support vector machine for network intrusion and cyber-attack detection. 2017 Sensor Signal Processing for Defence Conference (SSPD2107), London, 6-7 December 2017.

Publisher

IEEE

Version

AM (Accepted Manuscript)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at: https://creativecommons.org/licenses/by-nc-nd/4.0/

Acceptance date

2017-09-06

Publication date

2017

Notes

© IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.