A Model Based on Hybrid Support Vector Machine and Self-Organizing Map for Anomaly Detection

Abstract

For solving the problem of less information getting about unknown intrusions in anomaly detection, a model based on hybrid SVM/SOM is proposed. Firstly, C-SVM is used to find out the anomalous connections, and then, a packet filtering scheme is used to remove the known intrusions, which is performed by one-class SVM, after that, the identified unknown intrusions are projected onto the output grid by SOM. Finally, the experimental results, which use kddcup99 dataset, show high detection rate with low false rate and can get more information about the unknown intrusion.