Research on methods of network connection based anomaly intrusion detection

The KDD 99 Cup dataset, widely used in many anomaly intrusion detection researches, is a kind of off-line simulation system and not suit to on-line intrusion detection. In this paper, an on-line network based intrusion detection simulation environment was established and several methods for anomaly intrusion detection were presented. We first chose SVM as the detector to classify the incoming connection and performed 5-folds cross-validation to tune the parameter of SVM. Then we adopted rough sets to classify the same dataset for comparison and RFE-SVM to select import features for intrusion detector. The experimental results indicate that the extracted features are reasonably selected and the SVM detect engine works and yields better performance in anomaly detection.