A distance sum-based hybrid method for intrusion detection

Intrusion detection systems based on a hybrid approach have attracted considerable interest from researchers. Hybrid classifiers are able to provide improved detection accuracy, but usually have a complex structure and high computational costs. In this research, we propose a new and easy-to-implement hybrid learning method, named distance sum-based support vector machine (DSSVM), which can be used as an effective intrusion detection model. In DSSVM, we introduce the distance sum, a correlation between each data sample and cluster centers. Consider a data set represented by n-dimensional feature vectors, each distance sum for a data sample in the data set is obtained from the distances between this data sample and k-1 of k cluster centers found by a clustering algorithm. A new data set representing the features of these distance sums is formed and used to train a support vector machine classifier. By applying DSSVM to the KDD'99 data set, our experimental results show that the proposed hybrid method performs well in both detection performance and computational cost, which suggests it is a competitive candidate for intrusion detection. In addition, we also use six databases with different numbers of features, classes, and data samples to further validate the effectiveness of our method for some other pattern recognition problems.