Prior knowledge SVM-based intrusion detection framework

In anomaly intrusion detection, normal profile of target system is built with labeled data sets. But it is time consuming and expensive to label data items. Human knowledge can be used to compensate the lack of labeled data. In this paper, we describe a weighted margin SVM (Support Vector Machine) framework incorporating with pre-defined experienced detection rules to build up normal profile. With the redefinition of data item distance on heterogeneous properties, we use a modified version of LIBSVM to perform model training and detection. We use KDDCup99 ID data set for detection and several metrics are defined to explain effect of detection algorithm which shows our detection framework is more accurate and of good generalization ability than the old ones.