Abstract
A commonly addressed problem in intrusion detection system (IDS) research that employs the NSL-KDD dataset is improving the detection rate for rare attacks. However, some rare attacks are hard for an IDS model to recognize because their patterns are entirely missing from the training set, which reduces the rare-attack detection rate. Such attacks, whose patterns are missing from the training set, can be defined as anomalous rare attacks, and this problem has hardly been solved in the IDS literature. Hence, in this letter, we propose a new classifier, based on support vector machine (SVM) and genetic programming (GP), to improve the detection rate for anomalous attacks. In the experimental results, our classifier, GPSVM, achieved a higher detection rate on the anomalous rare attacks without a significant reduction in overall accuracy. This is because the GPSVM optimization task is to ensure that accuracy is balanced between classes without reducing the generalization property of the SVM.
Acknowledgments
Ministry of Higher Education Malaysia under Grant 08-02-14-1576FR.
Cite this article
Pozi, M.S.M., Sulaiman, M.N., Mustapha, N. et al. Improving Anomalous Rare Attack Detection Rate for Intrusion Detection System Using Support Vector Machine and Genetic Programming. Neural Process Lett 44, 279–290 (2016). https://doi.org/10.1007/s11063-015-9457-y
DOI: https://doi.org/10.1007/s11063-015-9457-y