Document Type : Review Article

Abstract

The number of attacks in computer networks has grown extensively, and many new intrusive methods have appeared. Intrusion detection is known as an effective method to secure information and communication systems. In this paper, the performance of Elman and partial-connected dynamic neural network (PCDNN) architectures is investigated for misuse detection in computer networks. To select the most significant features, logistic regression is used to rank the input features of these neural networks (NNs) based on the Chi-square values for different selected subsets. In addition, a genetic algorithm (GA) is used as an optimization search scheme to determine the sub-optimal architecture of the investigated NNs with the selected input features. The International Knowledge Discovery and Data Mining group (KDD) dataset is used for training and testing the models in this study. The features of the KDD data are categorized as basic, content, time-based traffic, and host-based traffic features. Empirical results show that the PCDNN with selected input features and categorized input connections offers a better detection rate (DR) than the other investigated models. This NN also performs better in terms of cost per example (CPE) when compared to the other models proposed in this study. The false alarm rate (FAR) of the PCDNN with selected input features and categorized input connections is also better than that of the other proposed models.
