Intrusion Detection Method Using Neural Networks Based on the Reduction of Characteristics

The application of techniques based on Artificial Intelligence for intrusion detection systems (IDS), mostly, artificial neural networks (ANN), is becoming a mainstream as well as an extremely effective approach to address some of the current problems in this area. Nevertheless, the selection criteria of the features to be used as inputs for the ANNs remains a problematic issue, which can be put, in a nutshell, as follows: The wider the detection spectrum of selected features is, the lower the performance efficiency of the process becomes and vice versa. This paper proposes sort of a compromise between both ends of the scale: a model based on Principal Component Analysis (PCA) as the chosen algorithm for reducing characteristics in order to maintain the efficiency without hindering the capacity of detection. PCA uses a data model to diminish the size of ANN's input vectors, ensuring a minimum loss of information, and consequently reducing the complexity of the neural classifier as well as maintaining stability in training times. A test scenario for validation purposes was developed, using based-on-ANN IDS. The results obtained based on the tests have demonstrated the validity of the proposal.

[1]  Alok N. Choudhary,et al.  A reconfigurable architecture for network intrusion detection using principal component analysis , 2006, FPGA '06.

[2]  Xin Xu,et al.  An Adaptive Network Intrusion Detection Method Based on PCA and Support Vector Machines , 2005, ADMA.

[3]  Jacek M. Zurada,et al.  Advances in Neural Networks - ISNN 2006, Third International Symposium on Neural Networks, Chengdu, China, May 28 - June 1, 2006, Proceedings, Part I , 2006, International Symposium on Neural Networks.

[4]  Chunlin Zhang,et al.  Comparison of BPL and RBF Network in Intrusion Detection System , 2003, RSFDGrC.

[5]  Douglas Comer,et al.  Internetworking with TCP/IP , 1988 .

[6]  David M. Skapura,et al.  Neural networks - algorithms, applications, and programming techniques , 1991, Computation and neural systems series.

[7]  Shawn Ostermann,et al.  Detecting Anomalous Network Traffic with Self-organizing Maps , 2003, RAID.

[8]  Francisco Ibarra,et al.  Application of Neural Networks in Network Control and Information Security , 2006, ISNN.

[9]  M.I. Heywood,et al.  Host-based intrusion detection using self-organizing maps , 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).

[10]  A.H. Sung,et al.  Identifying important features for intrusion detection using support vector machines and neural networks , 2003, 2003 Symposium on Applications and the Internet, 2003. Proceedings..

[11]  Michael Schatz,et al.  A Real-Time Intrusion Detection System Based on Learning Program Behavior , 2000, Recent Advances in Intrusion Detection.

[12]  Ajith Abraham,et al.  Feature deduction and ensemble design of intrusion detection systems , 2005, Comput. Secur..

[13]  Andrew H. Sung,et al.  Feature Ranking and Selection for Intrusion Detection Systems Using Support Vector Machines , 2002 .

[14]  Hervé Debar,et al.  Intrusion Detection: Introduction to Intrusion Detection and Security Information Management , 2005, FOSAD.

[15]  Taskin Kavzoglu Determining Optimum Structure for Artificial Neural Networks , 1999 .

[16]  Sergio M. Savaresi,et al.  Unsupervised learning techniques for an intrusion detection system , 2004, SAC '04.