Multiple kernel learning method for network anomaly detection

Abstract

The source data of intrusion detection system (IDS) are characteristic of heavy-flow, high-dimension and nonlinearity. A frequent problem in IDS is the choice of the right features that give rise to compact and concise representations of the network data; the other is how to improve the detection efficiency and accuracy of IDS under the small sample conditions. In order to delete the redundant and noisy features, improve the performance of IDS, we present an efficient IDS based on multiple kernel learning (MKL) method. Kernel methods are the effective approaches to intrusion detection problems. MKL methods combined with support vector machines (SVMs) can overcome some practice difficulties of IDS such as irregular data, non-flat distribution of the samples, etc. Experiments on the KDD Cup (1999) intrusion detection data set show that MKL methods have a higher detection rate and a lower false alarm rate compared to single kernel methods.