Abstract: This paper proposes a novel method for DoS intrusion detection based on incremental learning with SVM whose main idea is to segment the training database which is composed of log files into sub-databases which are mutually exclusive each other, and each sub-database is trained in batch. During each training process, only support vector is reserved for future training and non-support-vector is discarded. Compared with the method based on traditional SVMs, this training algorithm obviously reduces training time and obtains high detection performance

Key words: Intrusion detection; Denial of service(DoS); Incremental learning; Support vector machine

摘要： 提出了一个基于增量学习支持向量机的DoS 入侵检测方法，其基本思想是将训练样本库分割成几个互不相交的训练子库，按批次对各个训练子库样本进行训练，每次训练中只保留支持向量，去除非支持向量。与传统的基于支持向量机的入侵检测方法对比的试验表明，该方法在不影响检测性能的同时明显减少了训练时间。

关键词: 入侵检测；拒绝服务；增量学习；支持向量机