Improving Anomalous Rare Attack Detection Rate for Intrusion Detection System Using Support Vector Machine and Genetic Programming

Neural Processing Letters

Abstract

A commonly addressed problem in intrusion detection system (IDS) research that employs the NSL-KDD dataset is improving the detection rate for rare attacks. However, some rare attacks are hard for an IDS model to recognize because their patterns are entirely missing from the training set, which reduces the rare-attack detection rate. Rare attacks that are missing in this way can be defined as anomalous rare attacks, a problem that has hardly been solved in the IDS literature. Hence, in this letter, we propose a new classifier, based on support vector machine (SVM) and genetic programming (GP), to improve the detection rate for anomalous attacks. In our experimental results, our classifier, GPSVM, achieved a higher detection rate on the anomalous rare attacks without a significant reduction in overall accuracy. This is because the GPSVM optimization task is to ensure that accuracy is balanced between classes without reducing the generalization property of SVM.
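The effect the abstract describes, where overall accuracy hides missed rare attacks and the choice of objective decides which model wins, is shown in the added example below; it is not code from the paper. The confusion-matrix counts are constructed, and the macro-averaged detection rate is an assumed stand-in for "balanced between classes", not GPSVM's actual fitness function.

```python
# Constructed confusion matrices (rows = actual class, columns = predicted
# class) over the five NSL-KDD traffic categories. Counts are illustrative
# only; they are not results from the paper.
CLASSES = ["normal", "dos", "probe", "r2l", "u2r"]

CANDIDATES = {
    # Tuned for overall accuracy: rare classes collapse into "normal".
    "accuracy_tuned": [
        [4950, 30, 20, 0, 0],
        [70, 3430, 0, 0, 0],
        [60, 0, 1140, 0, 0],
        [225, 0, 0, 25, 0],
        [50, 0, 0, 0, 0],
    ],
    # Tuned for balance: more false alarms on normal traffic, far fewer
    # missed rare attacks.
    "class_balanced": [
        [4700, 30, 20, 200, 50],
        [70, 3430, 0, 0, 0],
        [60, 0, 1140, 0, 0],
        [100, 0, 0, 150, 0],
        [20, 0, 0, 5, 25],
    ],
}

def detection_rates(cm):
    """Per-class detection rate (recall); classes with no samples are skipped."""
    return {name: cm[i][i] / sum(cm[i])
            for i, name in enumerate(CLASSES) if sum(cm[i])}

def overall_accuracy(cm):
    """Fraction of all records classified correctly, dominated by big classes."""
    return sum(cm[i][i] for i in range(len(cm))) / sum(map(sum, cm))

def balanced_accuracy(cm):
    """Mean of per-class detection rates, so every class weighs the same."""
    rates = detection_rates(cm)
    return sum(rates.values()) / len(rates)

def select(candidates, objective):
    """Name of the candidate model that maximises the given objective."""
    return max(candidates, key=lambda name: objective(candidates[name]))

if __name__ == "__main__":
    for name, cm in CANDIDATES.items():
        print(name, round(overall_accuracy(cm), 4),
              round(balanced_accuracy(cm), 4), detection_rates(cm))
    print("by accuracy:", select(CANDIDATES, overall_accuracy))
    print("by balance: ", select(CANDIDATES, balanced_accuracy))
```
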


Acknowledgments

Ministry of Higher Education Malaysia under Grant 08-02-14-1576FR.

Author information

Corresponding author

Correspondence to Md Nasir Sulaiman.


Cite this article

Pozi, M.S.M., Sulaiman, M.N., Mustapha, N. et al. Improving Anomalous Rare Attack Detection Rate for Intrusion Detection System Using Support Vector Machine and Genetic Programming. Neural Process Lett 44, 279–290 (2016). https://doi.org/10.1007/s11063-015-9457-y
