Cyber attack detection system based on improved support vector machine

Abstract

This paper presents a novel cyber attack classification approach using improved Support Vector Machine (iSVM) by modifying Gaussian kernel. The Support Vector Machine (SVM) is based on machine learning technique known to perform well at various pattern recognition tasks; such as image classification, text categorization and handwritten character recognition. The cyber attack detection is basically a pattern classification problem, in which classification of normal pattern is done from the abnormal pattern (attack). Although, traditional SVM is better classifier in terms of fast training, scalable and generalization capability. Performance of traditional SVM is enhanced in this work by modifying Gaussian kernel to enlarge the spatial resolution around the margin by a conformal mapping, so that the separability between attackclasses is increased. It is based on the Riemannian geometrical structure induced by the kernel function. In the proposed method, class specific Cyber Attack Detection System which combines feature reduction technique and improved support vector machine classifier. This technique has two phases, in the first phase we reduced the redundant features of the original KDDCUP2009 dataset by Generalized Discriminant Analysis (GDA). In the second phase we used improved Support VectorMachine (iSVM) classifier to classify the reduced dataset obtained from first phase. Result shows that iSVM gives 100% detection accuracy for Normal and Denial of Service (DOS) classes and comparable to false alarm rate, training, and testing times.