International Journal of Security and Its Applications
Vol. 11, No. 9 (2017), pp.59-72
http://dx.doi.org/10.14257/ijsia.2017.11.9.05
ISSN: 1738-9976 IJSIA
Copyright ⓒ 2017 SERSC Australia

Improved Detecting Host Based Intrusions Based On Hybrid SVM Using Grey Wolf Optimizer

Vidhya Sathish 1* and P. Sheik Abdul Khader 2

1 Research Scholar, Department of Computer Applications, B.S.Abdur Rahman University, Chennai-48, India
2 Professor & Director Data Centre, Department of Computer Applications, B.S.Abdur Rahman University, Chennai-48, India
*Author for Correspondence: vidhyasathish83@gmail.com

Abstract

The growing number of intrusion incidents is regarded as a grave threat across the internet industry. To counter it, detection methodologies have been designed through extensive research in the industry. Considering how challenging the task is and how contemporary computational methodologies perform, this research develops an enhanced hybrid strategy that combines the Support Vector Machine approach from classifier-based techniques with the Grey Wolf Optimizer from evolutionary techniques, in order to optimize the support vector machine parameter for accurate classification of host-based intrusions with high detection accuracy and minimal false leads.

Keywords: Support Vector Machine, Grey Wolf Optimizer, Attribute Classification, High Detection accuracy

1. Introduction

The growing number of intrusion incidents is regarded as a grave threat across the internet industry. The reason is that intrusions may reside on host endpoints, coming from either inside or outside the organization [1-2]. Four common types of intrusion are root causes of disruption to host services. They are Type 1: Denial-Of-Service attacks, Type 2: User-To-Root attacks, Type 3: Remote-To-Local attacks and Type 4: Probing attacks. 'Type 1' is the class of attacks that make system resources idle.
The 'back', 'smurf', 'teardrop' and 'land' attacks belong to this type. 'Type 2' attacks let an unauthorized party gain authorized privileges from a user's account. 'Type 3' attacks gain unauthorized access from a remote machine; the 'Guess Passwd' and 'imap' attacks belong to this type. 'Type 4' attacks are based on port scanning of the network; examples are the 'nmap', 'portsweep' and 'satan' attacks.

To overcome these intrusions, detection methodologies [3-5] are designed around two common processes, one in the training phase and one in the testing phase. First, a profile of normal behavior is built during the training phase; second, during the testing phase, the current traffic is compared with the profile created in the training phase. Signature-based detection methodologies and anomaly-based detection methodologies are the two broad categories of Intrusion Detection Systems. Signature-based detection methodologies are specifically for detecting 'known' patterns, i.e., those the system has already been trained on. Anomaly-based detection methodologies are specifically for detecting unknown anomalies in the current traffic. Most of the detection

Received (January 18, 2017), Review Result (August 16, 2017), Accepted (September 8, 2017)