An efficient SVM-based method to detect malicious attacks for Web servers

Abstract

In recent years, with the rapid development of network technique and network bandwidth, the network attacking events for web servers such as DOS/PROBE are becoming more and more frequent. In order to detect these types of intrusions in the new network environment more efficiently, this paper applies new machine learning methods to intrusion detection and proposes an efficient algorithm based on vector quantization and support vector machine for intrusion detection (VQ-SVM). The algorithm firstly reduces the network auditing dataset by using VQ techniques, produces a codebook as the training example set, and then adopts fast training algorithm for SVM to build intrusion detection model on the codebook. The experiment results indicate that the combined algorithm of VQ-SVM can greatly improve the learning and detecting efficiency of the traditional SVM-based intrusion detection model. © Springer-Verlag Berlin Heidelberg 2006.