Intrusion Detection Using Honeypot and Support Vector Machine Classifier

Abstract

The rapid growth of internet and web based applications has given rise to the number of attacks on the network. The way the attacker attacks the system differs from one attacker to the other. The sequence of attack or the signature of an attacker should be stored, analyzed and used to generate rules for mitigating future attack attempts. We have deployed honeypot to record the activities of the attacker. While the attacker prepares for an attack, the IDS redirects him to the honeypot. We make the attacker believe that he is working with the actual system. The activities related to the attack are recorded by the honeypot by interacting with the intruder. The recorded activities are analyzed by the network administrator, and the rule database is updated. As a result, we improve the detection accuracy and security of the system using honeypot without any loss or damage to the original system. As the number of threats to the information is increasing, there is a need for a powerful intrusion detection system that can actually fulfil the requirement of security against the threat. This type of security can be achieved by identifying the particular type of attack. The classification of attack activities ensures the efficient countermeasure for the attack. The work focuses on the classification of attack using multiclass support vector machine approach. The support vector machine is used for binary classification. This approach is extended to the multiclass classification of attack with improved accuracy of classification. We have used three benchmark datasets for training and testing purpose: KDD corrected dataset, NSLKDD dataset, Gure KDD dataset. We have also compared the results with existing work. The evaluation gives better accuracy for detection of attack than the existing approach. The evaluation provides better accuracy for detection of attack than the existing approach