Skip to Main Content
The traditional intrusion detection system (IDS) generally use the misuse detection model based on rules because this model has low false alarm rate. But the disadvantage of this model is that it could not detect the new attacks, even the variation of existed ones. In this paper we proposed a novel model based on KPCA and SVM to solve the mentioned problem above. Different from traditional IDS, we added a pre-process module before the classifier. We use principal components extracted from the input data using KPCA, which is the main part of the pre-process module, as input of the SVM classifier that differentiates the normal and abnormal actions. Applying proposed system to KDDCUP99 data, experimental results clearly demonstrate that this model has a remarkable performance in detecting both existed intrusions and mutated ones.