Instruction detection technology is a new generation of security technology that monitor networks or systems to avoid malicious activity and policy violation. Compared with traditional security protection measures such as firewall, instruction detection can prevent attacks both from external and internal. The SVM is a statistical learning model(SLT), which shows an extraordinary advantage when dealing with small sample. Its advantages are: (1) SVM's goal is to get the optimal solution under limited samples but not infinity samples which is the prerequisite of traditional machine learning like neural network or regression. (2) SVM has a regularization parameter to avoid over-fitting and uses the kernel trick to transit to high-dimensional feature space to increase VC dimension. This manuscript is based on the SVM to extract intrusion detection information, at the same time in order to eliminate noise caused by false alarm probability, we also combined with the context validation as a preliminary analysis, so as to achieve a novel computer network intrusion detection (NCNID) algorithm.

• 出版日期2016
• 单位上海交通大学; 四川大学