Improvments of Payload-based Intrusion Detection Models by Using Noise Against Fuzzy SVM

Intrusion detection plays a very important role in network security system. It is proved to analyze the payload of network protocol and to model a payload-based anomaly detector (PAYL) can successfully detect outliers of network servers. This paper extends these works by applying a new noise-reduced fuzzy support vector machine (fSVM) to improve the detection rate at lower false positive rate. The new noisy against fuzzy SVM is applied to analyzing 1-gram, 2-grams and 2v-grams distribution classification of network payloads, which constructs three different intrusion detection models, respectively. These new intrusion detection models employ reconstruction error based fuzzy membership function to reduce the noisy of the data and to solve the sharp boundary problem, respectively. Experimental results based on DARPA data set demonstrated that the proposed schemes can achieve higher detection rate at very low false positive rate than the original and general SVM methods.