Evaluation of Support Vector Machine kernels for detecting network anomalies

Border Gateway Protocol (BGP) is used to exchange routing information across the Internet. BGP anomalies severely affect network performance and, hence, algorithms for anomaly detection are important for improving BGP convergence. Efficient and effective anomaly detection mechanisms rely on employing machine learning techniques. Support Vector Machine (SVM) is a widely used machine learning algorithm. It employs a set of mathematical functions called kernels that transform the input data into a higher dimensional space before classifying the data points into distinct clusters. In this Thesis, we evaluate the performance of linear, polynomial, quadratic, cubic, Gaussian radial basis function, and sigmoid SVM kernels used for classifying power outage such as Moscow Power Blackout, BGP mis-configuration, and BGP anomalies such as Slammer, Nimda and Code Red I. The SVM kernels are compared based on accuracy and the F-Score when detecting anomalous events in the Internet traffic traces. Simulation results indicate that the performance heavily depends on the selected features and their combinations.