A Hybrid Methodologies for Intrusion Detection Based Deep Neural Network with Support Vector Machine and Clustering Technique

  • Tao MaEmail author
  • Yang Yu
  • Fen Wang
  • Qiang Zhang
  • Xiaoyun ChenEmail author
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 422)


This paper proposes a novel approach called KDSVM, which utilized the k-mean techniques and advantage of feature learning with deep neural network (DNN) model and strong classifier of support vector machines (SVM) , to detection intrusion networks. KDSVM is composed of two stages. In the first step, the dataset is divided into k subset based on every sample distance by the cluster centers of k-means approach, and in the second step, testing dataset is distanced by the same cluster center and fed into the DNN model with SVM model for intrusion detection. The experimental results show that the KDSVM not only performs better than SVM, BPNN, DBN-SVM (Salama et al., Soft computing in industrial applications, 2011 [21]) and Bayes tree models in terms of detection accuracy and abnormal types of attacks found. It also provides an effective tool for the study and analysis of intrusion detection in the large network.


Intrusion detection systems Deep neural network Hybrid model K-means clustering Support vector machine 



This work is supported by the National Natural Science Foundation of China (Grant No. 11361046) and the Key Research Fund of Ningxia Normal University (Grant No. NXSFZD1517 NXSFZD1603 and NXSFZD1608), the Natural Science Fund of Ningxia Province (Grant NZ16260) and the Fundamental Research Fund for Senior School of Ningxia Province (Grant No. NGY2015124).


  1. 1.
    Aburomman, A.A., Reaz, M.B.I.: A novel svm-knn-pso ensemble method for intrusion detection system. Applied Soft Computing 38, 360–372 (2016)Google Scholar
  2. 2.
    Alom, M.Z., Bontupalli, V., Taha, T.M.: Intrusion detection using deep belief networks. In: 2015 National Aerospace and Electronics Conference (NAECON). pp. 339–344. IEEE (2015)Google Scholar
  3. 3.
    Barbara, D., Wu, N., Jajodia, S.: Detecting novel network intrusions using bayes estimators. In: SDM. pp. 1–17. SIAM (2011)Google Scholar
  4. 4.
    Bengio, Y., Simard, P., Frasconi, P.: Learning long-term dependencies with gradient descent is difficult. Neural Networks, IEEE Transactions on 5(2), 157–166 (1994)Google Scholar
  5. 5.
    Chen, W.H., Hsu, S.H., Shen, H.P.: Application of svm and ann for intrusion detection. Computers & Operations Research 32(10), 2617–2634 (2005)Google Scholar
  6. 6.
    Chilimbi, T., Suzue, Y., Apacible, J., Kalyanaraman, K.: Project adam: Building an efficient and scalable deep learning training system. In: 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14). pp. 571–582 (2014)Google Scholar
  7. 7.
    Denning, D.E.: An intrusion-detection model. Software Engineering, IEEE Transactions on SE-13(2), 222–232 (1987)Google Scholar
  8. 8.
    Dokas, P., Ertoz, L., Kumar, V., Lazarevic, A., Srivastava, J., Tan, P.N.: Data mining for network intrusion detection. In: Proc. NSF Workshop on Next Generation Data Mining. pp. 21–30 (2002)Google Scholar
  9. 9.
    Erhan, D., Bengio, Y., Courville, A., Manzagol, P.A., Vincent, P., Bengio, S.: Why does unsupervised pre-training help deep learning? The Journal of Machine Learning Research 11, 625–660 (2010)Google Scholar
  10. 10.
    Grover, A., Kapoor, A., Horvitz, E.: A deep hybrid model for weather forecasting. In: Proceedings of the 21th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. pp. 379–386. ACM (2015)Google Scholar
  11. 11.
    Hinton, G.E., Osindero, S., Teh, Y.W.: A fast learning algorithm for deep belief nets. Neural computation 18(7), 1527–1554 (2006)Google Scholar
  12. 12.
    Hinton, G.E., Zemel, R.S.: Autoencoders, minimum description length, and helmholtz free energy. Advances in neural information processing systems pp. 3–3 (1994)Google Scholar
  13. 13.
    Huang, P.S., He, X., Gao, J., Deng, L., Acero, A., Heck, L.: Learning deep structured semantic models for web search using click through data. In: Proceedings of the 22nd ACM international Conference on information & knowledge management. pp. 2333–2338. ACM (2013)Google Scholar
  14. 14.
    Japkowicz, N., Shah, M.: Evaluating learning algorithms: a classification perspective. Cambridge University Press (2011)Google Scholar
  15. 15.
    Kabiri, P., Ghorbani, A.A.: Research on intrusion detection and response: A survey. IJ Network Security 1(2), 84–102 (2005)Google Scholar
  16. 16.
    Karami, A., Guerrero-Zapata, M.: A fuzzy anomaly detection system based on hybrid pso-kmeans algorithm in content-centric networks. Neurocomputing 149, 1253–1269 (2015)Google Scholar
  17. 17.
    Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: A hierarchical som-based intrusion detection system. Engineering Applications of Artificial Intelligence 20(4), 439–451 (2007)Google Scholar
  18. 18.
    Koc, L., Mazzuchi, T.A., Sarkani, S.: A network intrusion detection system based on a hidden naive bayes multiclass classifier. Expert Systems with Applications 39(18), 13492–13500 (2012)Google Scholar
  19. 19.
    Marin, G.: Network security basics. Security & Privacy, IEEE 3(6), 68–72 (2005)Google Scholar
  20. 20.
    Palm, R.B.: Prediction as a candidate for learning deep hierarchical models of data. Technical University of Denmark (2012)Google Scholar
  21. 21.
    Salama, M.A., Eid, H.F., Ramadan, R.A., Darwish, A., Hassanien, A.E.: Hybrid intelligent intrusion detection scheme. In: Soft computing in industrial applications, pp. 293–303. Springer (2011)Google Scholar
  22. 22.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the kdd cup 99 data set. In: Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications 2009 (2009)Google Scholar
  23. 23.
    Zhang, J., Zulkernine, M., Haque, A.: Random-forests-based network intrusion detection systems. Systems, Man, and Cybernetics, Part C: Applications and Reviews, IEEE Transactions on 38(5), 649–659 (2008)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. 1.School of Information Science and EngineeringLanzhou UniversityLanzhouChina
  2. 2.School of Mathematical and Computer ScienceNingxia Normal UniversityGuyuanChina
  3. 3.Statistics & Research DivisionChina Insurance Regulatory Commission Ningxia BureauYinchuanChina

Personalised recommendations