
IDS Using Support Vector Machine with Decision Tree Algorithm

L. Sheeba

Abstract


As the communication industry has connected distant corners of the globe using advances in network technology, intruders or attackers have commensurately increased their attacks on networking infrastructure. System administrators can attempt to prevent such attacks by using intrusion detection tools and systems. In recent years, Machine Learning (ML) algorithms have been gaining popularity in Intrusion Detection Systems (IDS). Support Vector Machines (SVM) have become one of the popular ML algorithms used for intrusion detection because they generalize well and can overcome the curse of dimensionality. As noted by different researchers, however, the number of dimensions still affects the performance of SVM-based IDS. Another issue raised is that SVM treats every feature of the data equally. In real intrusion detection datasets, many features are redundant or less important, so it would be better to consider feature weights during SVM training. This paper presents a study that incorporates Information Gain Ratio (IGR) and the K-means algorithm into SVM for intrusion detection. In the proposed framework, the features of the NSL-KDD dataset are ranked using IGR, and feature subset selection is then done using the K-means algorithm.
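The IGR ranking step named in the abstract can be illustrated as follows; this is an added example, not code from the paper, and it covers only the ranking of discrete features (the K-means subset selection and the SVM training are not shown). The field names follow NSL-KDD, but the eight records and the helper names are constructed for illustration.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy (bits) of a sequence of discrete values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(rows, feature, label="label"):
    """Information gain of `feature` about `label`, divided by the
    feature's own split information (Quinlan's gain ratio)."""
    groups = {}
    for r in rows:
        groups.setdefault(r[feature], []).append(r[label])
    # Expected label entropy once the feature value is known.
    conditional = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    split_info = entropy([r[feature] for r in rows])
    if split_info == 0:  # constant feature: nothing to split on
        return 0.0
    return (entropy([r[label] for r in rows]) - conditional) / split_info

def rank_features(rows, label="label"):
    """Return (feature, gain ratio) pairs, most informative first."""
    features = [k for k in rows[0] if k != label]
    scored = [(f, gain_ratio(rows, f, label)) for f in features]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample records (not taken from the NSL-KDD files).
FIELDS = ("protocol_type", "flag", "logged_in", "land", "label")
RECORDS = [dict(zip(FIELDS, row)) for row in [
    ("tcp",  "SF",  1, 0, "normal"),
    ("tcp",  "SF",  1, 0, "normal"),
    ("udp",  "SF",  0, 0, "normal"),
    ("tcp",  "SF",  1, 0, "normal"),
    ("tcp",  "S0",  0, 0, "attack"),
    ("tcp",  "S0",  0, 0, "attack"),
    ("icmp", "SF",  0, 0, "attack"),
    ("tcp",  "REJ", 0, 0, "attack"),
]]

if __name__ == "__main__":
    for name, score in rank_features(RECORDS):
        print(f"{name:15s} {score:.4f}")
```

In this sample `land` is constant and scores zero, the kind of redundant feature the abstract argues should not be weighted equally with the others.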

Keywords


Support Vector Machines, K-Nearest Neighbor Algorithm, Information Gain Ratio, Feature Ranking and Selection, Intrusion Detection System.




This work is licensed under a Creative Commons Attribution 3.0 License.