Identifying Key Variables for Intrusion Detection Using Soft Computing Paradigms

This paper concerns using learning machines for intrusion detection. Two classes of learning machines are studied: Artificial Neural Networks (ANNs) and Support Vector Machines (SVMs). We show that SVMs are superior to ANNs for intrusion detection in three critical respects: SVMs train, and run, an order of magnitude faster; SVMs scale much better; and SVMs give higher classification accuracy. We also address the related issue of ranking the importance of input features, which is itself a problem of great interest in modeling. Since elimination of the insignificant and/or useless inputs leads to a simplification of the problem and possibly faster and more accurate detection, feature selection is very important in intrusion detection. Two methods for feature ranking are presented: the first one is independent of the modeling tool, while the second method is specific to SVMs. The two methods are applied to identify the important features in the 1999 DARPA intrusion data. It is shown that the two methods produce results that are largely consistent. We present various experimental results that indicate that SVM-based intrusion detection using a reduced number of features can deliver enhanced or comparable performance. An SVM-based IDS for class-specific detection is thereby proposed. Finally, we also illustrate some of our current ongoing research work using neuro-fuzzy systems and linear genetic programming.
