NEURAL NETWORK APPROACHES FOR INTRUSION DETECTION AND RECOGNITION

Authors

  • Vladimir Golovko
  • Leanid Vaitsekhovich

DOI:

https://doi.org/10.47839/ijc.5.3.416

Keywords:

Neural networks, computer security, network attack, intrusion detection, principal component analysis, multilayer perceptron

Abstract

Most current Intrusion Detection Systems (IDS) examine all data features to detect intrusion. Also existing intrusion detection approaches have some limitations, namely impossibility to process large number of audit data for real-time operation, low detection and recognition accuracy. To overcome these limitations, we apply modular neural network models to detect and recognize attacks in computer networks. It is based on combination of principal component analysis (PCA) neural networks and multilayer perceptrons (MLP). PCA networks are employed for important data extraction and to reduce high dimensional data vectors. We present two PCA neural networks for feature extraction: linear PCA (LPCA) and nonlinear PCA (NPCA). MLP is employed to detect and recognize attacks using feature-extracted data instead of original data. The proposed approaches are tested using KDD-99 dataset. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time for real world intrusion detection.

References

S.Kumar and E.H.Spafford, “A Software architecture to support misuse intrusion detection”, Proceedings of the 18th National Information Security Conference, pp.194-204, 1995.

K.Ilgun, R.A.Kemmerer, P.A.Porras. “State transition analysis: A rule-based intrusion detection approach”, IEEE Transaction on Software Engineering, vol.21, no.3, pp.181-199, 1995.

SNORT, http://www.snort.org.

T.Lunt, A.Tamaru, F.Gilham, et al, “A Real-time Intrusion Detection Expert System (IDES) – final technical report”, Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, Feb. 1992.

P.A.Porras and P.G.Neumann, “EMERALD: Event monitoring enabling responses to anomalous live disturbances”, Proceedings of National Information Systems Security Conference, Baltimore MD, October 1997.

D.E.Denning, “An intrusion-detection model”, IEEE Transaction on Software Engineering. vol.13, no.2, pp.222-232, 1987.

W.Lee, S.Stolfo, K.Mok, “A data mining framework for adaptive intrusion detection”, Proceedings of the 1999 IEEE Symposium on Security and Privacy, Los Alamos, CA, pp.120-132, 1999.

W.Lee, S.Stolfo, “A Framework for constructing features and models for intrusion detection systems”, ACM Transactions on Information and System Security, vol3, no.4, pp.227-261, 2000.

Y.Liu, K.Chen, X.Liao, et al, “A genetic clustering method for intrusion detection”, Pattern Recognition, vol.37, no.5, pp.927-924, 2004.

E.Eskin, A.Rnold, M.Prerau, L.Portnoy, S.Stolfo, “A Geometric framework for unsupervised anomaly detection”, Applications of Data Mining in Computer Security. Kluwer Academics, 2002.

M.Shyu, S.Chen, K. Sarinnapakorn, L.Chang, “A Novel Anomaly Detection Scheme Based on Principal Component Classifier”, Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM’03), pp. 172-179, 2003.

H.Kayacik, A.Zincir-Heywood and M.Heywood, “On the capability of an SOM based intrusion detection system”, in Proc. IEEE Int. Joint Conf. Neural Networks (IJCNN’03), pp. 1808-1813, 2003.

Zheng Zhang, Jun Li, C.N. Manikopoulos, Jay Jorgenson, Jose Ucles, “HIDE : a Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification”, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, pp.85-90, 2001.

V.Golovko, L.Vaitsekhovich, “Neural Network Techniques for Intrusion Detection”, Proceedings of International Conference on Neural Networks and Artificial Intelligence (ICNNAI-2006), pp.65-69, 2006.

1999 KDD Cup Competition. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.

H.Drucker, R.Schapire and P.Simard, “Improving performance in neural networks using a boosting algorithm”, In S.J.Hanson, J.D.Cowan and C.L.Giles eds., Advanced in Neural Information Processing Systems 5, Denver, CO, Morgan Kaufmann, San Mateo, CA, pp.42-49, 1993.

E. Oja, “Principal components, minor components and linear networks. Neural Networks”, vol.5, pp.927-935, 1992.

Downloads

Published

2014-08-01

How to Cite

Golovko, V., & Vaitsekhovich, L. (2014). NEURAL NETWORK APPROACHES FOR INTRUSION DETECTION AND RECOGNITION. International Journal of Computing, 5(3), 118-125. https://doi.org/10.47839/ijc.5.3.416

Issue

Section

Articles