
Intrusion Detection Based on One-class SVM and SNMP MIB data


Abstract

To detect attacks rapidly and respond properly, a lightweight and fast detection mechanism for traffic flooding attacks is proposed. It uses SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links, together with a machine learning approach based on a Support Vector Machine (SVM) for attack classification. The SNMP MIB variables involved are selected by an effective feature selection mechanism and gathered effectively by the MIB update time prediction mechanism. Using MIB and SVM, it achieved fast detection with high accuracy, minimization of the system burden, and extendibility for system deployment. The intrusion detection mechanism, set up with a hierarchical structure, has two phases: it first distinguishes attack traffic from normal traffic and then determines the type of attack in detail. Results of the experiment using MIB datasets collected from real experiments involving a DDoS attack demonstrate that it can be an effective way for intrusion detection. The network attacks are detected with high efficiency and classified with low false alarms.
