Intrusion Detection: Supervised Machine Learning

  • Fares, Ahmed H. (Department of Electrical & Computer Engineering, Benha University)
  • Sharawy, Mohamed I. (Department of Electrical & Computer Engineering, Benha University)
  • Zayed, Hala H. (Department of Computer Science, Faculty of Computers, Benha University)
  • Received : 2010.11.25
  • Accepted : 2011.11.11
  • Published : 2011.12.30

Abstract

Due to the expansion of high-speed Internet access, the need for secure and reliable networks has become more critical. The sophistication of network attacks, as well as their severity, has also increased recently. As such, more and more organizations are becoming vulnerable to attack. The aim of this research is to classify network attacks using neural networks (NN), which leads to a higher detection rate and a lower false alarm rate in a shorter time. This paper focuses on two classification types: a single class (normal, or attack), and a multi class (normal, DoS, PRB, R2L, U2R), where the category of attack is also detected by the NN. Extensive analysis is conducted in order to assess the translation of symbolic data, partitioning of the training data and the complexity of the architecture. This paper investigates two engines: the first engine is the back-propagation neural network intrusion detection system (BPNNIDS) and the second engine is the radial basis function neural network intrusion detection system (BPNNIDS). The two engines proposed in this paper are tested against traditional and other machine learning algorithms using a common dataset: the DARPA 98 KDD99 benchmark dataset from International Knowledge Discovery and Data Mining Tools. BPNNIDS shows a superior response compared to the other techniques reported in the literature, especially in terms of response time, detection rate and false positive rate.
