• intrusion detection systems;
  • prior knowledge;
  • support vector machine;
  • within-class scatter


Intrusion detection has become an indispensable technique to ensure the security and reliability of information systems. Support vector machine (SVM) and its many improved algorithms have been successfully applied to intrusion detection systems in recent years. However, the training process of SVM ignores an important prior knowledge, the within-class structure in the training set. In this paper, we propose an improved classification algorithm, which combines minimum within-class scatter in Fisher discriminant analysis with traditional SVM. The central idea is to find an optimal separating hyperplane such that the margin is maximized, whereas the within-class scatter is kept as small as possible. This new algorithm is called SVM with minimum within-class scatter (WCS-SVM). A set of experiments is conducted on ten benchmarking datasets and KDDCUP'99 experimental data of MIT Lincoln Laboratory to test the generalization performance of the WCS-SVM algorithm. Experimental results show that the WCS-SVM algorithm has better discriminatory power than traditional SVM and kernel Fisher discriminant analysis and it has higher true detection rate and lower false positive rate for intrusion detection systems. Copyright © 2012 John Wiley & Sons, Ltd.