Ramp loss K-Support Vector Classification-Regression; a robust and sparse multi-class approach to the intrusion detection problem

•A robust and sparse multi-class approach for Multi-Class classification is proposed.•The proposed method is based on Ramp loss K-Support Vector Classification-Regression.•The CCCP procedure is used to solve a non-differentiable non-convex optimization problem.•ADMM is adopted to make our model well-adapted for the large-scale setting.•The results of Ramp-KSVCR show superior generalization power and low computational cost. Network intrusion detection problem is an ongoing challenging research area because of a huge number of traffic volumes, extremely imbalanced data sets, multi-class of attacks, constantly changing the nature of new attacks and the attackers’ methods. Since the traditional network protection methods fail to adequately protect the computer networks, the need for some sophisticated methodologies has been felt. In this paper, we develop a precise, sparse and robust methodology for multi-class intrusion detection problem based on the Ramp Loss K-Support Vector Classification-Regression, named “Ramp-KSVCR”. The main objectives of this research are to address the following issues; 1) Highly imbalanced and skewed attacks’ distribution; hence, we utilized the K-SVCR model as a core of our model; 2) Sensitivity of SVM and its extensions to the presence of noises and outliers in the training sets, to cope with this problem, Ramp loss function is implemented to our model; 3) and since the proposed Ramp-KSVCR model is a non-differentiable non-convex optimization problem, we took Concave–Convex Procedure (CCCP) to solve this model. Furthermore, we introduced Alternating Direction Method of Multipliers (ADMM) procedure to make our model well-adapted to be applicable in the large-scale setting and to reduce the training time. The performance of the proposed method has been evaluated by some artificial data and also by conducting some experiments with the NSL-KDD data set and UNSW-NB15 as a recently published intrusion detection data set. Experimental results not only demonstrate the superiority of the proposed method over the traditional approaches tested against it in terms of generalization power and sparsity but also saving a considerable amount of computational time.