H. X. ZHOU ET AL.

Copyright © 2013 SciRes. CN

, high dimensional feature space

, nonlinear

mapping

. Nonlinear samples can be mapped

to high-dimensional feature space

by kernel function

and mapping

to construct an optimal separating

hyperplane in

. The points on the optimal separating

hyperplane need to meet:

, (1)

and classification interval is equ al to

. If we want

the best effect of classifying, classification interval shall

take the maximum, that is to say,

ω

shall take the

min i mu m [6].

In practice, classic support vector machine cannot solve

mul ti -class problems. So we need to take other ways to

solve them. In [7], the author listed some common mul-

ti-class classification method, such as one-against -one me-

thod, one-against-all method, binary tree method, error

correcting output codes (ECOC) method, directed acyclic

graph SVM (DAGSVM) method, etc.

2.2. Hadamard Coding Algorithm

Hadamard error correcting output codes method is a typ-

ical algorithm which decomposes multi-class problem into

several two-class problems. Hadamard matrix was pro-

posed by James Joseph Sylvester on the basis of ortho-

gonality in 1867 [8]. It is a square matrix which is made

of “−1” and “+1”, and any different two rows of it is

mutually orthogonal.

dimensional Hadamard matrix

can be obtained by

dimensional matrix through

the method of recursing.

/2 /2

/2 /2

N

H

=

−

(2)

For

dimensional matrix, any two rows or two

columns are neither same nor complementary. The dis-

tance between any two rows or two columns is

.

These features meet the needs of classifier training, but

the first “−1” column in the matrix cannot be used for

classifier coding. So the original

dimensional matrix

needs to be cut in a certain degree.

3. Experimental Design and Implementation

Experimental design includes two aspects: coding matrix

construction and the training of classifier. Coding matrix

construction is conducted on the basis of Hadamard ma-

trix. The realization of classifier is implemented on NS2

and LIBSVM pla t form.

3.1. Construct Modified Coding Matrix

According to the characteristics of the matrix and coding

principles, the approach of Sparse-ECOC matrix struc-

ture can be shown as follows:

• Obtained a

dimensional Hadamard matrix ac-

cording to Equation (2).

• Delete the first “−1” column, and obtained a

dimensional matrix.

• Take the first

lines of the matrix, and obtained a

dimensional matrix.

• Chose an element from each row and replace it with

element “0”. Ensure the minimum hamming distance

as large as possible.

The sign l expresses sample class number. The mod-

ified coding matrix has simple coding scheme, less num-

ber of classifiers constructed, and convenient calculation.

Any two rows or two columns are neither same nor com-

plementary. Th e hamming distance b etween any tw o rows

is equal to

.

The coding matrix constructed in this way is ternary

code matrix. In ternary code encoding, element “1” ex-

presses positive, element “−1” expresses negative, and

element “0” expresses doing nothing with it [9]. The ad-

dition of zero elements made classifier more simplified,

so we call this coding matrix Sparse-ECOC matrix.

The Sparse-ECOC matrix not only satisfies the train-

ing requirements of multi-class SVM classifier, but also

reduces each single classifier's construction time because

of the addition of zero elements. These properties effec-

tively improve the training speed and comprehensive

performance.

3.2. Classifier Implem entation

The Sparse-ECOC multi-class algorithm proposed in this

paper mainly detect for hello flooding attack, denial-of-

service (DoS) attack, blackhole attack, selective for-

warding attack and sybil attack in WSN. Detect and clas-

sify attacks by analyzing the energy of nodes and packets

received and send situations in the networks. In order to

reduce the complexity of calculation, we choose appro-

priate flow characteristics for each attack as less as poss-

ible.

For hello flooding attack, we select the energy of

package sent as its feature. For DoS attack, we select the

number of data packets received. For blackhole attack,

we select the number of route request replies received,

the number of route request replies sent, and the number

of route request replies dropped. For selective forwarding

attack, we select the number of route errors send and the

number of route errors received. For sybil attack, we se-

lect the frequency of the node selected as cluster head

[10].

Classifier realization mainly includes four processes: data

acquisition, data preprocessing, kernel function selection

and classifier training, algorithm verification (Figure 1).

1) Data acq uision: Bu ild a hierarchic al and cluster struc-

ture model of WSN in NS2. We choose IEEE 802.15.4