Reducing U2R and R2L category false negative rates with support vector machines

• Published in: Serbian journal of electrical engineering Vol. 11; no. 1; pp. 175 - 188
• Main Authors: Macek, Nemanja, Milosavljevic, Milan
• Format: Journal Article
• Language: English
• Published: Faculty of Technical Sciences in Cacak 2014
• Subjects: false negatives; intrusion detection; machine learning; support vector machines
• ISSN: 1451-4869; 2217-7183
• DOI: 10.2298/SJEE131007015M

The KDD Cup '99 is commonly used dataset for training and testing IDS machine learning algorithms. Some of the major downsides of the dataset are the distribution and the proportions of U2R and R2L instances, which represent the most dangerous attack types, as well as the existence of R2L attack instances identical to normal traffic. This enforces minor category detection complexity and causes problems while building a machine learning model capable of detecting these attacks with sufficiently low false negative rate. This paper presents a new support vector machine based intrusion detection system that classifies unknown data instances according both to the feature values and weight factors that represent importance of features towards the classification. Increased detection rate and significantly decreased false negative rate for U2R and R2L categories, that have a very few instances in the training set, have been empirically proven. nema