Anomaly detection using Support Vector Machine classification with k-Medoids clustering

摘要

Anomaly based Intrusion Detection System, in the recent years, has become more dependent on learning methods — specially on classifications schemes. To make the classification more accurate and effective, hybrid approaches of combining with clustering techniques are often introduced. In this paper, a better combination is proposed to address problems of the previously proposed hybrid approach of combining k-Means/k-Medoids clustering technique with Naïve Bayes classification. In this new approach, the need of large samples by the previous approach is reduced by using Support Vector Machine while maintaining the high quality clustering of k-Medoids. Simulations have been carried out by using Kyoto2006+ data sets in order to evaluate performance, accuracy, detection rate and false positive rate of the classification scheme. Experiments and analyses show that the new approach is better in increasing the detection rate as well as in decreasing the false positive rate.