Improved incremental Support Vector Machine with hybrid feature selection for network intrusion detection

Network intrusion detection plays an important role in network security, and this paper presents an approach of hybrid feature selection combined with improved incremental Support Vector Machine (SVM) classification. First, Density-Based Spatial Clustering of Applications with Noise (DBSCAN) is used to trim the original dataset, and a feature selection method, called GATS, which is based upon Genetic Algorithm (GA) embedded tabu search (TS), is used to extract the optimal subset from the reduced dataset. GATS integrates the concept of tabu list which may increase local search performance. Then, an incremental SVM with reserved set method (R-ISVM) is developed to deal with the problem of intrusion detection. Thirdly, according to the variations of classification hyperplane in incremental training, R-ISVM utilizes a concentric-circle model based reserved set strategy to maintain the samples that are most likely to be support vectors in future computation. Data experiments and comparisons with other popular intrusion detection approaches show that our presented method achieves better performance as well as stability.