Analysis of neural networks usage for detection of a new attack in IDS

• Autorzy: Kukiełka P. , Kotulski Z.
• Języki publikacji: EN

Abstrakty

EN

Generally, Intrusion Detection Systems (IDS) work using two methods of identification of attacks: by signatures, that are specific defined elements of the network traffic possible to identify and by anomalies being some deviation form of the network behaviour assumed as normal. Recently, some attempts have been made to implement artificial intelligence method for detection of attacks. Many such implementations use for testing and learning process the data set provided by KDD (Knowledge Discovery and Data Mining Competition) project in 1999. Unfortunately, KDD99 data set was created more than eight years ago and during this time many new attacks have been discovered. In this paper we present our research on updating KDD99 data with traces of attacks of new types. After updating, the data set was used for training and testing MLP (Multi Layer Perceptron) neural network architecture IDS.

Słowa kluczowe

EN

knowledge discovery and data mining competition; KDD; Multilayer Perceptron; MLP

• Wydawca: Wydawnictwo UMCS
• Czasopismo: Annales Universitatis Mariae Curie-Skłodowska. Sectio AI, Informatica
• Rocznik: 2010
• Tom: Vol. 10, no. 1
• Strony: 51--59
• Opis fizyczny: Bibliogr. 10 poz., rys., tab.

Twórcy

autor

Kukiełka P.

• Institute of Telecommunications, Warsaw University of Technology, Nowowiejska 15/19, 00-665 Warsaw, Poland

autor

Kotulski Z.

• Institute of Fundamental Technological Research, Polish Academy of Sciences, Swietokrzyska 21, 00-049 Warsaw, Poland

Bibliografia

• [1] Lee W., Stolfo S. J., A framework for constructing features and models for intrusion detection systems, ACM Transactions on Information and System Security (TISSEC) 3(4) (2000): 227–261.
• [2] Rutkowski L., Metody i Techniki Sztucznej Inteligencji (in Polish) (PWN, Warszawa, 2005).
• [3] Lee W., Stolfo S.J., Data mining approaches for intrusion detection, Proc. of the Seventh USENIX Security Symposium (SECURITY ’98) (San Antonio, 1998).
• [4] Lippmann R., Haines J. W., Fried D. J. et al., The 1999 darpa off-line intrusion detection evaluation, Computer Networks: The International Journal of Computer and Telecommunications Networking 34 (2000): 579–595.
• [5] Paxson V., Bro: A system for detecting network intruder in real time, Proceedings of the 7th USENiX Security Symposium (San Antonio, 1998).
• [6] Elkan Ch., Results of the KDD’99 classifier-learning contest (1999), http://www.cse.ucsd.edu/#elkan/clresults.html.
• [7] Osowski S., Sieci Neuronowe do Przetwarzania Informacji (in Polish) (Oficyna Wydawnicza Politechniki Warszawskiej, Warszawa 2000), ISBN: 83-7207-187-X.
• [8] Kukielka P., Kotulski Z., Analysis of different architectures of neural networks for application in intrusion detection systems, International Multiconference on Computer Science and Information Technology (Wisła, 2008): 20–22.
• [9] The Metasploit Project, www.metasploit.com.
• [10] Bro-Intrusion Detection System, www.bro-ids.org.