SVM for network anomaly detection using ACO feature subset

T. Mehmood, H. Rais
Published in: 2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC), 2015-05-19
DOI: 10.1109/ISMSC.2015.7594039 (https://doi.org/10.1109/ISMSC.2015.7594039)
Citations: 25

Abstract

In recent times, network security has faced many challenges. Confidentiality, integrity, and availability of data are the major concerns. To cope with this problem, different systems have been developed, known as intrusion detection systems. An intrusion detection system detects violations of the confidentiality, integrity, and availability of data. Intrusion detection systems are developed on the basis of two different detection techniques: signature-based and anomaly-based. The classification approach has been widely adopted for developing anomaly detection models that classify data into a normal class and an attack class. However, irrelevant and redundant features are an obstacle that keeps a classification algorithm from building an efficient detection model. This paper proposes a detection model, ant system with support vector machine, which uses ant system, a variation of ant colony optimization, to filter out redundant and irrelevant features for the support vector machine classification algorithm. KDD99, a benchmark dataset used for anomaly detection, is adopted here. Each instance in KDD99 is represented by 41 features, some of which are redundant or irrelevant. Ant system is used to remove those redundant and irrelevant features. The feature subset selected by ant system is then validated using a support vector machine. The experimental results showed that the performance of the classification algorithm improved when it was trained with the reduced feature set. The performance measures used in this comparison are true positive rate, false positive rate, and precision.