Fuzzy Multi-Class Support Vector Machines for cooperative network intrusion detection

A large number of noise data always exits when obtaining information through Internet, which deteriorates intrusion detection performance. In order to avoid the affection of noise data, data preprocessing needs to be done before the construction of hyperplane in Support Vector Machine (SVM). By importing fuzzy theory into SVM, a new method is proposed for cooperative network intrusion detection. Due to the various attack methods in different network protocol, a fuzzy membership function is formatted under each protocol, which means a unique Multi-Class SVM is suitable for only one network protocol. To implement this approach, a fuzzy Multi-Class-SVM-based cooperative network intrusion detection model with multi-agent architecture is presented in this paper, which is composed of three types of agents corresponding to TCP, UDP, and ICMP protocols, respectively and a statistic-based agent. Moreover, simulation experiments are performed by using KDD CUP 1999 data set while it is shown in the results that the training time can be significantly shortened, storage space requirement can be sharply reduced, and classification accuracy is improved apparently by using the SVM method preprocessing the data.