Systemy wykrywania Intruzów wykorzystujące metody sztucznej Inteligencji

• Autorzy: Kukiełka R. , Kotulski Z.

Warianty tytułu

EN

Intrusion detection systems based on the artificial intelligence methods

• Języki publikacji: PL

Abstrakty

PL

W ostatnich latach sztuczna inteligencja znajduje zastosowanie w wielu dziedzinach. Jedną z nich są również systemy wykrywania intruzów IDS (Intrusion Detection System). Dzięki zdolności generalizacji metody sztucznej inteligencji umożliwiają klasyfikację ataków nie tylko według nauczonych wzorców, ale również wszelkich ataków podobnych do nich oraz niektórych nowych typów. IDS stosujące takie metody mogą się również w sposób dynamiczny dostosowywać do zmieniającej się sytuacji w sieci (np. uczyć się nowych zachowań użytkowników lub nowych ataków). Ich zaletą jest to, że nie wymagają budowy skomplikowanych zbiorów reguł i sygnatur odrębnych dla każdej instancji ataków, ponieważ dane niezbędne do wykrycia ataku są uzyskiwane automatycznie w procesie nauki. Artykuł zawiera podstawowe pojęcia związane z systemami wykrywania włamań oraz przegląd wyników dotyczących zastosowania w IDS metod sztucznej inteligencji, takich jak: drzewa decyzyjne, algorytmy genetyczne, systemy immunologiczne, sieci Bayesa oraz sieci neuronowe.

EN

Last years one of the most extensively studied field of research is artificial intelligence. It is used in many practical applications, one of them is Intrusion Detection Systems (IDS). Thanks to their generalization feature artificial intelligence methods allow to classify not only the learned attacks patterns but also their modified versions and some new attacks. They could dynamically adapt to changing situation in the network (eg., learn new users' behaviors or new attacks). Ań advantage of application of the artificial intelligence methods in IDS is that they do not require generation of the rule or the signature for each new instance of an attack because they automatically update the IDS knowledge in the learning phase. The first part of this paper includes basic information about intrusion detection system. In the next sections we present application in IDS such artificial intelligence methods like: decision trees, genetic algorithms, immunology systems, Bayes networks, and neural networks.

Słowa kluczowe

PL

bezpieczeństwo Internetu; systemy wykrywania intruzów; wykrywanie anomalii; metody sztucznej inteligencji

EN

Internet security; intrusion detection systems (IDS); anomalies detection; artificial intelligence methods

• Wydawca: Wydawnictwo SIGMA-NOT
• Czasopismo: Przegląd Telekomunikacyjny + Wiadomości Telekomunikacyjne
• Rocznik: 2011
• Tom: nr 4
• Strony: 114--121
• Opis fizyczny: Bibliogr. 46 poz., rys., tab.

Twórcy

autor

Kukiełka R.

autor

Kotulski Z.

• Instytut Telekomunikacji, Politechnika Warszawska,

Bibliografia

• [1] Amini M., Jalili R., Shahriari H. R.: RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupenised neural networks, Computers & Security 25, May 2006
• [2] Amor N. B., Benferhat S., Elouedi Z.: Naive Bayes vs decision trees m intrusion detection systems, In Proc. ACM Symp. on Applied Computing, 2004
• [3] J. R Andersen: Computer Security Threat Monitoring and Surveillance, Fort Washington, Pa, 1980.
• [4] Bivens A., Palagiri C., Smith R., Szymanski B., Embrechts M.: Network-Based Intrusion Detection using Neural Networks, ASME Press, vol. 12 , New York 2002
• [5] Cannady J.: Mificial neural networks for Misuse Detection, National Information Systems Security Conference, 1998
• [6] Cannady J., Maheffey J.: The application of artificial neural networks to misuse detection. tnitial resutts; In: Proc. of tnę 1 st International Work-shop on Recent Advances in Intrusion Detection (RAID), Loiwain-Ia-Neuve, Belgium, 1998
• [7] Chebrolua S., Abrahama A., Thomasa J. R: Feature deduction and ensemble design of intrusion detection systems, Computers & Security, 2004
• [8] Chen Y, Abraham A., Yang B.: Hybrid Flexible Neural-Tree Based IDS, International Journal of Intelligent Systems, vol. 22, no. 4, 2007
• [9] Chen Y, Abraham A.: Feature selection and intrusion detection using Hybrid Flexible Neural Tree, In Proc. of Second International Symposium on Neural Networks (ISNN-05), LNCS 3498, 2005
• [10] Barbara D., Couto J., Jajodia S., Popyack L., Wu N.: ADAM: Detecting Intrusions by Data Mining, In Proc of the 2001 IEEE Workshop on Information Assurance and Security, T1A3 1100 United States Military Academy, West Point, NY, 5-6 June 2001
• [11] Debar H., Becke M., Siboni D.: A neural network component low an intrusion detection system, In Proc. of the IEEE Computer Society Symposium on Research in Security and Privacy, 1992
• [12] Debar H., Dorizzi B.: An Application of a Recurrent Network to an Intrusion Detection System, In Proc. of the International Joint Conference on Neural Network, 1992
• [13] Hofmeyr S. A., Forrest S.: Immunity by Design: An Artificial Immune System, In Proc. of the Genetic and Evolutionary Computation Conference (GECCO), Morgan-Kaufmann, San Francisco, CA, 1999
• [14] Horeis T.: Intrusion Detection with Neural Networks-Combination of SOM and RBF networks for human Expert integration, available online in http://ieeecis.org/_files/EAC_Research_2003_Report_Horeis.pdf, 2003
• [15] Hwang T. S., Lee T.-J., Lee Y-J.: A three-tier IDS via Data Mining Approach, In: Proc. of the 3rd Annual ACM Workshop on Mining Network Data (MineNet), San Diego USA, June 12 2007
• [16] Jawhar M. M. T., Mehrotra M: Aromaty Intrusion Detection System using Hamming Network Approach. International Journal of Computer Science & Communication, Vol. 1, No. 1, January June 2010
• [17] Jawhar M. M. I: Design Network Intrusion Detection System using hybrid Fuzzy-Neural Network, International Journal of Computer Science and Security, Volume 4
• [18] Kayacik H.G., Zincir-Heywood A.N., Heywood M.I.: Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD99 Intrusion Detection Dataset, In Proc. of the Third Annual Conference on Privacy, Security and Trust (PST-2005), October 2005
• [19] Kim J., Bentley R, Aickelin U., Greensmith J., Tedesco G., Twycross J.: Immune System Approaches to Intrusion Detection - A Revie, Natural Computing, vol. 6, no. 4, December 2007
• [20] Kruegel C., Toth T: Using decision trees to improve signature-based intrusion detection, In Proc. of the 6th Symposium on Recent Advances in Intrusion Detection (RAID;, 2003
• [21] Kukiełka R: Wykrywanie ataków na systemy informacyjne z wykorzystaniem metod adaptacyjnych, rozprawa doktorską Politechnika Warszawska Wydział Elektroniki i Technik Informacyjnych, Warszawa 2010
• [22] Kukiełka R, Kotulski Z.: Analysis of different architectures of neural networks for application in Intrusion Detection Systems. IMCSIT 2008
• [23] Kukiełka R, Kotulski Z.: Adaptation of the neural network-based IDS to newattacks detection, CoRR abs/1009.2406: (2010)
• [24] Lee W, Stolfo S. J.: A Framework for Constructing Features and Models for Intrusion Detection System, ACM Transactions on Information and System Security (T1SSEC), 3(4) 2000
• [25] Li W: Using Genetic Algorithm for network intrusion detection, In Proc. United States Department of Energy Cyber Security Group 2004 Training Conference, Kansas City, Kansas, May 24-27, 2004
• [26] X. Li, Ye N.: Decision tree classifier for computer intrusion detection, Journal of Parallel and Distributed Computing Practices, 2001
• [27] Lichodzijewski P, Zincir-Heywood A. N., Heywood M. L: Host-based intrusion detection using self-organizing maps, In Proc. of the 2002 IEEE World Congress on Computational Intelligenoe, 2002
• [28] Lichodzijewski R, Zincir-Heywood A. N., Heywood M. l.: Dynamic Intrusion Detection Using Self-Organizing Maps, In Proc. of the IEEE International Joint Conference on Neural Networks. IEEE, May 2002
• [29] Lippmann R., Haines J.W., Fried D.J., Korba J., Das K.: The 1999 Darpa Off-Line Intrusion Detection Evaluation, Computer Networks: The International Journal of Computer and Telecommunications Networking 34 (2000) 579-595, 2000.
• [30] Moradi M., Zuikemine M.: Neural Network Based System for Intrusion Detection and Classification of Attacks, IEEE International Conference on Advances in Intelligent Systems - Theory and Applications, Uccembourg-Kirchberg, Luxembourg, November 15-18, 2004
• [31] Mukkamala S., Janoski G., Sung A H.: Intrusion Detection Using Neural Networks and Support Vector Machines, In Proc. of the IEEE International Joint Conference on Neural Networks, IEEE Computer Society Press, 2002
• [32] Mukkamala S., Sung A. H., Abraham A., Ramos V: Intrusion Detection Systems using Adaptive Regression Splines. In Proc. of ICEIS-04 - 6th Int. Conf. on Enterprise Information Systems, Porto, Portugal, April 14-17, 2004
• [33] Mukkamala S., Sung A. H.: Feature selection for Intrusion Detection using Neural Networks and Support Vector Machines, Journal of the Transportation Research Board (of the National Academies), 2003
• [34] Mukkamala S., Sung A. H., Abraham A: Modeling Intrusion Detection Systems Using Unear Genetic Programming Approach, In Proc. of the 17th International Conference on Innovations in Applied Artificial Intelligence, Ottawa, Canada, 2004
• [35] Osowski S.: Sieci neuronowe do przetwarzanie informacji, Oficyna Wydawnicza Politechniki Warszawskiej, Warszawa 2006, ISBN 83-7207-615-4
• [36] Pan Z. S., Chen S. C., Hu G. B.: Hybrid neural network and C4.5 for misuse detection, In Proc. of the Second International Conference on Machine Learning and Cybernetics (ICMLC'03), 2003
• [37] Puttini R. S., Marrakchi Z., Mo L.: A Bayesian Classification Model for Real-Time Intrusion Detection, In Proc. of the 22th International Workshop on Bayesian Inference and Maximum Entropy Methods in Science and Engineering, 2002
• [38] Rhodes B. C., Mahaffey J. A., Cannady J. D.: Multiple sett-organizing maps for intrusion detection, In Proc. of the 23rd National Information Systems Security Conference, 2000
• [39] Rutkowski L.: Metody i techniki sztucznej inteligencji, Wydawnictwo Naukowe PWN, Warszawa 2006, ISBN-13 978-83-01-14529-3
• [40] Ryan J., Lin M J., Miikkulain R..- Intrusion detection with neural networks, Advances in Neural Information Processing Systems, vol. 10, Cambridge, MA: MIT Press; 1998
• [41] Seredynski R, Bouvry R: Some Issues in Solving the Anomaly Detection Problem using Immunological Approach, In Proc. of 19th International Parallel and Distributed Processing Symposium (IPDPS), Denver, USA, 2005
• [42] Skaruz J., Seredynski F: Recurrent neural networks towards detection of SOL attacks, IEEE International Parallel and Distributed Processing Symposium - IPDPS, 2007, 26-30 March 2007
• [43] Stein G., Chen B., Wu A. S., Hua K. A.: Decision Tree Classifier For Network Intrusion Detection With GA-based Feature Selection, In Proc. of the 43rd Annual Southeast Regional Conference, Kennesaw, Georgia, March 2005
• [44] Xu Q., Pei W., Yang Li, Zhao Q.: An Intrusion Detection Approach Based On Understandable Neural Network Trees, International Journal of Computer Science and Network Security, November 2006, v6111
• [45] Yao J.T., Zhao S.L., Saxton LV: A Study on fuzzy intrusion detection, In Proc. of SPIEVol.5812, Data Mining, Intrusion Detection, Information Assurance, And Data Networks Security, Oriando, Ronda, USA, 28 March -1 April 2005
• [46] Zhong J., Ghorbani A.: Network Intrusion Detection Using an Improved Competitive Learning Neural Network, In Proc. of the Second Annual Conference on Communication Networks and Services Research, 2004