Employment of neural network based classifier for intrusion detection

Vaitsekhovich, L.; Golovko, V.

Artykuł - szczegóły

Tytuł artykułu

Employment of neural network based classifier for intrusion detection

Autorzy

Vaitsekhovich L. , Golovko V.

Treść / Zawartość

Pełne teksty:

httpwww_actawm_pb_edu_plvol2no4vaitsekhovichgolovko.pdf

Pobierz

Identyfikatory

Warianty tytułu

Języki publikacji

Abstrakty

Most current Intrusion Detection Systems (IDS) examine all data features to detect intrusion. Also existing intrusion detection approaches have some limitations, namely impossibility to process a large number of audit data for real-time operation, low detection and recognition accuracy. To overcome these limitations, we apply modular neural network models to detect and recognize attacks in computer networks. They are based on the combination of principal component analysis (PCA) neural networks and multilayer perceptrons (MLP). PCA networks are employed for important data extraction and to reduce high dimensional data vectors. We present two PCA neural networks for feature extraction: linear PCA (LPCA) and nonlinear PCA (NPCA). MLP is employed to detect and recognize attacks using feature-extracted data instead of original data. The proposed approaches are tested with the help of KDD-99 dataset. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time for real world intrusion detection.

Słowa kluczowe

intrusion detection systems (IDS) neural networks

systemy wykrywania włamań sieci neuronowe

Wydawca

Oficyna Wydawnicza Politechniki Białostockiej

Czasopismo

Acta Mechanica et Automatica

Rocznik

2008

Tom

Vol. 2, no. 4

Strony

93--98

Opis fizyczny

Bibliogr. 17 poz., rys., tab.

Twórcy

autor

Vaitsekhovich L.

autor

Golovko V.

Brest State Technical University, Moskovskaja str. 267, 224017 Brest, Belarus, vspika@rambler.ru

Bibliografia

1. Denning D. E. (1987), An intrusion-detection model, IEEE Transaction on Software Engineering, Vol. 13, No. 2, 222-232.
2. Drucker H., Schapire R., Simard P. (1993), Improving performance in neural networks using a boosting algorithm, S. J. Hanson, J.D.Cowan and C.L.Giles eds., Advanced in Neural Information Processing Systems 5, Denver, CO, Morgan Kaufmann, San Mateo, CA, 42-49.
3. Eskin E., Rnold A., Prerau M., Portnoy L., Stolfo S. (2002), A Geometric framework for unsupervised anomaly detection, Applications of Data Mining in Computer Security, Kluwer Academics.
4. Golovko V., Vaitsekhovich L. (2006), Neural Network Techniques for Intrusion Detection, Proceedings of International Conference on Neural Networks and Artificial Intelligence (ICNNAI-2006), 65-69.
5. Ilgun K., Kemmerer R. A., Porras P. A. (1995), State transition analysis: A rule-based intrusion detection approach, IEEE Transaction on Software Engineering, Vol. 21, No. 3, 181-199.
6. Kayacik H., Zincir-Heywood A., Heywood M. (2003), On the capability of an SOM based intrusion detection system, Proc. IEEE Int. Joint Conf. Neural Networks (IJCNN’03), 1808-1813.
7. Kumar S., Spafford E. H. (1995), A Software architecture to support misuse intrusion detection, Proceedings of the 18th National Information Security Conference, 1995, 194-204.
8. Lee W., Stolfo S. (2000), A Framework for constructing features and models for intrusion detection systems, ACM Transactions on Information and System Security, Vol. 3, No. 4, 227-261.
9. Lee W., Stolfo S., Mok K. (1999), A data mining framework for adaptive intrusion detection, Proceedings of the 1999 IEEE Symposium on Security and Privacy, Los Alamos, CA, 120-132.
10. Liu Y., Chen K., Liao X. (2004), A genetic clustering method for intrusion detection”, Pattern Recognition, Vol. 37, No. 5, 927-924.
11. Lunt T., Tamaru A., Gilham F. (1992), A Real-time Intrusion Detection Expert System (IDES) – final technical report, Technical report, Computer Science Laboratory, SRI International, Menlo Park, California, Feb.
12. Oja E. (1992), Principal components, minor components and linear networks. Neural Networks”, Vol. 5, 927-935.
13. Porras P. A., Neumann P. G. (1997), EMERALD: Event monitoring enabling responses to anomalous live disturbances, Proceedings of National Information Systems Security Conference, Baltimore MD.
14. Shyu M., Chen S., Sarinnapakorn K., Chang L. (2003), A Novel Anomaly Detection Scheme Based on Principal Component Classifier, Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM’03), 172-179
15. Zhang Z., Li J., Manikopoulos C. N., Jorgenson J., Ucles J. (2001), HIDE : a Hierarchical Network Intrusion Detection System Using Statistical Preprocessing and Neural Network Classification, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 85-90.
16. 1999 KDD Cup Competition. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
17. SNORT. Available: http://www.snort.org.

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-article-BPB2-0033-0040