An Intrusion Detection Method Based on Multiple Kernel Support Vector Machine

Abstract

Network intrusion data has the characters such as small sample, nonlinear and high dimension, so the detection performance of single kernel support vector machine (SK-SVM) is instability. The choice of kernel function and relative parameters plays an important role in SK-SVM. It greatly influences the generalization performance of SK-SVM. According to the limitation of SK-SVM, in this paper we present an intrusion detection method based on multiple kernel support vector machine (MK-SVM). MK-SVM can calculate the weights of kernel functions and Lagrange multipliers simultaneously through semi-infinite linear programming, and thus achieve the choice of kernel functions and the optimization of classifier. Furthermore, in order to reduce the time and space required of this method, we adopt feature selection and clustering method in the process of input data preprocessing. The experimental results using KDD CUP 1999 show that our method has better adaptability and higher detection accuracy than the method based on SK-SVM.