Abstract
To address the high false alarm rate that is widespread in existing IDS, this paper proposes a method for filtering IDS alarm information based on a support vector machine (SVM). The method consists of two parts: model training and data prediction. Model training includes parsing the command-line parameters; reading the training samples; selecting an appropriate penalty coefficient, kernel function, and kernel parameter; counting the sample types and the number of samples of each type; grouping the training samples; and training the C-SVM classifier model using the minimum sequence optimization algorithm. Data prediction includes reading the alarm data and calculating decision values for the alarm data based on the C-SVM classifier model. Theoretical analysis and experimental data show that, with a rational selection of the kernel function, the kernel parameters, and the training data set, this method can effectively reduce the false alarm rate of an intrusion detection system.
Liu, Y., Xia, K. P., & Zhao, J. X. (2014). A SVM-based IDS alarms filtering method. International Journal of Security and Its Applications, 8(5), 227–242. https://doi.org/10.14257/ijsia.2014.8.5.21