I.
INTRODUCTION
CHANGCHUN, CHINA
method replacing the full with the nearest border vectors needs
further improvement.
B. Cloud Boundary Vectors
A support vector (SV) certainly lies in the region close to the
heterogeneous samples, but it is not necessarily the nearest one,
which mirrors the stable tendency and randomness of the cloud model.
This paper therefore introduces cloud theory to extract boundary
vectors. The main process is as follows:
For a linearly inseparable training set, the data are mapped from
the original space to a high-dimensional feature space $H$ by a
nonlinear mapping $\varphi: R^n \to H$, $x \mapsto \varphi(x)$.
\[ d_H(x, y) = d(\varphi(x), \varphi(y)) = \sqrt{K(x, x) - 2K(x, y) + K(y, y)} \]
for $i = 1$ to $n$
    $\mu_i = e^{-\frac{(x_0 - Ex)^2}{2 (En')^2}}$
    drop($x_0$, $\mu_i$)
III.
Let $D^i_{\min}$ be the distance between sample $i$ and its nearest
heterogeneous sample. The cloud membership is
\[ \mu_{ij} = e^{-\frac{(D_{ij} - Ex)^2}{2 (En')^2}} \]
with $Ex = D^i_{\min}$, $En = D^i - D^i_{\min}$ and $He = En / c$.
The control parameter $c$ is set from $N$ in this paper, where $N$ is
the number of homogeneous samples. $En'$ is a normally distributed
random number with expectation $En$ and variance $He$. Therefore, a
smaller $D_{ij}$ does not necessarily correspond to a larger
$\mu_{ij}$, reflecting the uncertainty.
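The membership computation above can be sketched in a few lines of Python. This is a minimal illustration under stated assumptions, not the authors' implementation: the Gaussian kernel and its `gamma`, the reading of $En$ as mean distance minus minimum distance, the value `c=10.0`, and the use of $He$ as a standard deviation (the usual normal cloud convention) are all assumptions, and the function names are hypothetical.

```python
import math
import random


def rbf_kernel(x, y, gamma=0.5):
    """Gaussian kernel K(x, y); the kernel choice and gamma are assumptions."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))


def feature_distance(x, y, kernel=rbf_kernel):
    """d_H(x, y) = sqrt(K(x, x) - 2 K(x, y) + K(y, y))."""
    squared = kernel(x, x) - 2.0 * kernel(x, y) + kernel(y, y)
    return math.sqrt(max(squared, 0.0))  # clamp tiny negative rounding error


def cloud_membership(d_ij, ex, en, he, rng):
    """One cloud drop: exp(-(d_ij - Ex)^2 / (2 En'^2)) with En' ~ N(En, He)."""
    en_prime = rng.gauss(en, he)  # assumption: He used as a standard deviation
    if en_prime == 0.0:
        return 1.0 if d_ij == ex else 0.0
    return math.exp(-((d_ij - ex) ** 2) / (2.0 * en_prime ** 2))


def memberships_for_sample(x_i, heterogeneous, c, rng):
    """Membership of each heterogeneous sample j with respect to sample i."""
    distances = [feature_distance(x_i, x_j) for x_j in heterogeneous]
    ex = min(distances)                        # Ex = D^i_min
    en = sum(distances) / len(distances) - ex  # assumption: mean minus minimum
    he = en / c                                # He = En / c
    return [cloud_membership(d, ex, en, he, rng) for d in distances]


rng = random.Random(0)  # fixed seed only to make the sketch repeatable
x_i = (0.0, 0.0)
others = [(1.0, 0.0), (0.2, 0.1), (2.0, 2.0)]  # hypothetical heterogeneous samples
mu = memberships_for_sample(x_i, others, c=10.0, rng=rng)
print(mu)
```

The nearest heterogeneous sample always receives membership 1 because its distance equals $Ex$; the remaining values vary from run to run through the random $En'$, which is the uncertainty the text refers to.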
First, let $Ex = D^i_{\min}$ to ensure that vectors near the
classification surface tend toward a larger membership degree.
Set $En = D^i - D^i_{\min}$ to control the cloud coverage, so that
the scope of the cloud grows with the sample distance. If $He$ is
too large, the stable tendency is damaged; if it is too small, the
randomness may be lost. When $He = 0$, the algorithm degenerates
into the nearest boundary vector method.
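The role of $He$ can be illustrated with a small, hedged sketch. It ranks a handful of hypothetical distances by cloud membership, once with $He = 0$ and once with $He > 0$. The distance values, the reading of $En$ as mean minus minimum, and the treatment of $He$ as a standard deviation are assumptions made for the example only.

```python
import math
import random


def membership(d, ex, en, he, rng):
    """Cloud membership of distance d; En' is drawn from N(En, He)."""
    en_prime = rng.gauss(en, he)  # assumption: He used as a standard deviation
    if en_prime == 0.0:
        return 1.0 if d == ex else 0.0
    return math.exp(-((d - ex) ** 2) / (2.0 * en_prime ** 2))


def rank_by_membership(distances, he, seed=0):
    """Indices of the candidates, ordered from largest to smallest membership."""
    rng = random.Random(seed)
    ex = min(distances)                        # Ex = D^i_min
    en = sum(distances) / len(distances) - ex  # assumption: mean minus minimum
    mu = [membership(d, ex, en, he, rng) for d in distances]
    return sorted(range(len(distances)), key=lambda j: -mu[j])


distances = [0.9, 0.4, 1.5, 0.6]  # hypothetical D_ij values
nearest_first = sorted(range(len(distances)), key=lambda j: distances[j])
deterministic = rank_by_membership(distances, he=0.0)
randomized = rank_by_membership(distances, he=0.2)
print(nearest_first, deterministic, randomized)
```

With `he=0.0` every drop uses the same $En$, so membership decreases monotonically with distance and the ranking coincides with the nearest-first ordering. With `he > 0` the ordering of the farther candidates may change between runs, while the nearest candidate keeps membership 1.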
[Figure: classification surfaces f(x)=0 and g(x)=0 with points A1 and N1, showing noise samples, overfitting samples, and cloud boundary vectors.]
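EXPERIMENTAL RESULTS
Table 1

| Training sets | Samples | I-SVM training samples | I-SVM time (ms) | I-SVM detection rate (%) | N-ISVM training samples | N-ISVM time (ms) | N-ISVM detection rate (%) | C-ISVM training samples | C-ISVM time (ms) | C-ISVM detection rate (%) |
|---|---|---|---|---|---|---|---|---|---|---|
| Initial set | 2999 | 2999 | 78 | 100 | 2999 | 78 | 100 | 2999 | 78 | 100 |
| Incremental set 1 | 3001 | 3178 | 203 | 94.87 | 1989 | 125 | 93.47 | 1695 | 125 | 93.30 |
| Incremental set 2 | 2999 | 3205 | 422 | 84.97 | 2124 | 313 | 90.62 | 1721 | 310 | 94.71 |
| Incremental set 3 | 3001 | 3247 | 671 | 80.81 | 2200 | 547 | 92.50 | 1798 | 469 | 96.29 |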
Table 1 shows that the C-ISVM algorithm outperforms the I-SVM and
N-ISVM methods overall. In terms of training samples and time,
I-SVM trains on all incremental samples, which gives it the largest
training set and the longest training time. In the first increment,
for example, N-ISVM and C-ISVM need 38.42% less training time than
I-SVM (125 ms versus 203 ms). Although C-ISVM expands the set of
boundary vectors, fewer samples violate the KKT conditions, so its
training set and time are slightly smaller than those of N-ISVM. In
terms of detection rate, the final rate of C-ISVM is 15.48 and 3.79
percentage points higher than those of I-SVM and N-ISVM,
respectively. In terms of algorithm stability, the detection rate of
I-SVM declines as the increments accumulate. N-ISVM maintains a
higher detection rate, but noise data and sample over-fitting limit
further improvement of its classification performance. C-ISVM
focuses on filtering the boundary vectors while retaining the
overall distribution characteristics of the samples. As the sample
set is gradually refined in the follow-up learning process, the
detection rate maintains a steady rising trend.
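The figures quoted in this paragraph can be re-derived from Table 1 with a short arithmetic check. The sketch below only copies the table values; the variable and function names are hypothetical. It suggests that 38.42% is the training-time reduction of 125 ms relative to the 203 ms of I-SVM in the first increment, and that 15.48 and 3.79 are the final detection-rate differences of C-ISVM against I-SVM and N-ISVM.

```python
# Values copied from Table 1; index 0 is the initial set, 1..3 the increments.
time_ms = {
    "I-SVM": [78, 203, 422, 671],
    "N-ISVM": [78, 125, 313, 547],
    "C-ISVM": [78, 125, 310, 469],
}
rate = {
    "I-SVM": [100.0, 94.87, 84.97, 80.81],
    "N-ISVM": [100.0, 93.47, 90.62, 92.50],
    "C-ISVM": [100.0, 93.30, 94.71, 96.29],
}


def relative_saving(baseline, value):
    """Percentage by which value is smaller than baseline."""
    return (baseline - value) / baseline * 100.0


saving_first_increment = relative_saving(time_ms["I-SVM"][1], time_ms["C-ISVM"][1])
gain_over_isvm = rate["C-ISVM"][-1] - rate["I-SVM"][-1]
gain_over_nisvm = rate["C-ISVM"][-1] - rate["N-ISVM"][-1]

print(round(saving_first_increment, 2))  # 38.42
print(round(gain_over_isvm, 2))          # 15.48
print(round(gain_over_nisvm, 2))         # 3.79
```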
VII. CONCLUSION
A new incremental SVM method for intrusion detection based on the
cloud model is proposed. Cloud membership is defined to replace the
characteristic distance, and the KKT conditions are extended.
Experimental results show that the method effectively reduces the
sample set and running time while maintaining high detection
performance.