A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection

• Published in: 2016 International Conference on Advances in Computing, Communication, & Automation (ICACCA) (Spring) pp. 1 - 6
• Main Authors: Chand, Nanak, Mishra, Preeti, Krishna, C. Rama, Pilli, Emmanuel Shubhakar, Govil, Mahesh Chandra
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.04.2016
• Subjects: Algorithm design and analysis; Data mining; Intrusion detection; Machine Learning; Machine learning algorithms; Multi-Classifier; Support vector machines; Training; Vegetation
• DOI: 10.1109/ICACCA.2016.7578859

Network attacks have become more pervasive in the cyber world. There are various attacks such as denial of service, scanning, privilege escalation that is increasing day by day leading towards the requirement of a more robust and adaptable security techniques. Anomaly detection is the main focus of our paper. Support Vector Machine (SVM) is one of the good classification algorithm applied specially for intrusion detection. However, its performance can be significantly improved when it is applied in integration with other classifiers. In this paper, we have performed a comparative analysis of SVM classifier's performance when it is stacked with other classifiers like BayesNet, AdaBoost, Logistic, IBK, J48, RandomForest, JRip, OneR and SimpleCart. Multi-Classifier algorithm have better classification power when compared to a single classifier algorithm specially for detecting low frequency attacks such as guess password, rootkits, spyware etc. Our preliminary analysis over NSL-KDD'99 dataset shows that stacking of SVM and Random Forest provides the best performance with accuracy of around 97.50% which apparently better than SVM (91.81%).