一种基于多分类支持向量机的网络入侵检测方法

构造了一种基于异构数据距离的径向基核函数，可直接应用于异构的网络数据，并利用实验数据得到修正的基于异构数据距离的径向基核函数(I-HVDM-RBF)，从而减少了支持向量的个数，降低了运算量，采用I-HVDM-RBF核函数和一对一方法构造了多分类支持向量机来进行网络入侵检测，检测选用美国国防部高级研究计划局入侵检测评测数据，结果表明：与Ambwani方法比较，其检测精度提高了约3％，支持向量个数减少了268个，检测时间缩短了5min；与Lee方法比较，其拒绝服务攻击、远程到本地攻击和普通用户到超级用户攻击的检测精度分别高出73％、19％和3％。

Network Intrusion Detection Method Based on Multi-Class Support Vector Machine

Based on heterogeneous value difference metric (HVDM), a radial basis function (RBF) named HVDM-RBF, was constructed to deal with heterogeneous network data directly. Using the experimental data, an improved HVDM-RBF was obtained as a new kernel function, I-HVDM-RBF, which decreases the number of support vectors and reduces the workload. The multi-class support vector machine was designed to detect network intrusion by using one-against-one method and I-HVDM-RBF. Defense Advanced Research Projects Agency intrusion detection evaluating data was used for detecting. The testing results show that the detection precision is increased by 3%, the number of support vectors and testing time are decreased about 268 and 5 minutes respectively by contrast with the Ambwani method and the detection precisions of denial-of-serve, remote-to-local, and user-to-root attacks are improved about 73%, 19% and 3% respectively compared with the method of Lee, which confirms the good performance of the proposed method.