Purdue University Graduate School

Incremental Support Vector Machine Approach for DoS and DDoS Attack Detection

posted on 2019-05-14, 17:24 authored by Seunghee Lee

Support Vector Machines (SVMs) have generally been effective in detecting instances of network intrusion. However, from a practical point of view, a standard SVM is not able to handle large-scale data efficiently due to the computational complexity of the algorithm and its extensive memory requirements. To cope with this limitation, this study presents an incremental SVM method combined with a k-nearest neighbors (KNN) based candidate support vectors (CSV) selection strategy in order to speed up the training and test processes. To cope with evolving DoS and DDoS attacks, the proposed incremental SVM method constructs or updates the pattern classes by incrementally incorporating new signatures, without having to load and access the entire previous dataset. The performance of the proposed method is evaluated experimentally and compared with the standard SVM method and the simple incremental SVM method in terms of precision, recall, F1-score, and training and test duration.


Degree Type

  • Master of Science


  • Computer and Information Technology

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

John A. Springer

Additional Committee Member 2

Eric T. Matson

Additional Committee Member 3

Vetria L. Byrd