CRLG | Jan 9, 2018

Fusion of ANN and SVM Classifiers for Network Attack Detection

arXiv:1801.02746v227 citations
AI Analysis

This work addresses cybercrime detection for network security, but it is incremental as it builds on existing ANN and SVM methods.

The paper tackles network attack detection by combining artificial neural network (ANN) and support vector machine (SVM) classifiers to classify TCP connections as normal or suspicious, showing promising results in experiments using the NSL-KDD DARPA dataset.

With the progressive increase in network applications and electronic devices (computers, mobile phones, Android devices, etc.), attack and intrusion detection has become a very challenging task in the area of cybercrime detection. In this context, most existing attack detection approaches rely mainly on a finite set of attacks. These solutions are vulnerable: they fail to detect some attacks when the sources of information are ambiguous or imperfect. However, few approaches have started investigating this direction. This paper investigates the role of machine learning approaches (ANN, SVM) in classifying TCP connection traffic as normal or suspicious. However, using ANN and SVM individually is an expensive technique. In this paper, a combination of two classifiers is proposed, in which an artificial neural network (ANN) classifier and a support vector machine (SVM) are both employed. Additionally, our proposed solution allows the obtained classification results to be visualized. The accuracy of the proposed solution has been compared with the results of other classifiers. Experiments have been conducted with different network connections selected from the NSL-KDD DARPA dataset. Empirical results show that combining ANN and SVM techniques for attack detection is a promising direction.
