Intrusion detection using a hybrid support vector machine based on entropy and TF-IDF

The main functions of an Intrusion Detection System (IDS) are to protect computer networks by analyzing and predicting the actions of processes. Though IDS has been developed for many years, the large number of alerts makes the system inefficient. In this paper, we proposed a classification method based on Support Vector Machines (SVM) with a weighted voting schema to detect intrusions. First, the entropy and TF-IDF (term frequency and inverse documents frequency) features are extracted from processes. Next, entropy and TF-IDF features are sent to the SVM model for learning and testing. Finally, we use a voting schema named Weighted Voting SVM (WV-SVM) to determine whether a process is an intrusion. Our experiments demonstrate improved efficiency.