Artificial intelligent techniques for intrusion detection

This paper concerns using support vector machines (SVMs) and artificial neural networks (ANNs) for intrusion detection. We investigate and compare the performance of IDSs using SVMs and ANNs, using a well-known set of intrusion evaluation data gathered by DARPA. Through a variety of comparative experiments, it is found that, with appropriately chosen kernel functions, SVMs outperform ANNs in at least three critical aspects of IDS performance: (1) Accuracy - SVMs achieve very-high accuracy (in the high 90% range) than the best-trained ANNs, (2) Training Time and Testing Time - SVMs´ training time and testing time are an order of magnitude faster than ANNs´, and (3) Scalability - SVMs scale much better than ANNs. SVMs, therefore, provide suitable tools for building signature-based IDSs. We describe our investigation methodology, report experimental results, and conclude by describing an ongoing effort of a SVM and agents-based IDS that delivers enhanced performance, that possesses enhanced intrusion response capability and that is applicable to wireless networks.