Intrusion detection using hierarchical neural networks

Most intrusion detection systems (IDSs) with a single-level structure can detect either misuse or anomaly attacks, but not both. Some IDSs with a multi-level structure or multiple classifiers have been proposed to detect both kinds of attack, but they are limited in their ability to learn adaptively. In this paper, two hierarchical IDS frameworks using Radial Basis Functions (RBF) are proposed. A serial hierarchical IDS (SHIDS) is proposed to identify misuse attacks accurately and anomaly attacks adaptively. A parallel hierarchical IDS (PHIDS) is proposed to enhance the SHIDS's functionality and performance. The experiments show that the two proposed IDSs can detect network intrusions in real time, train new classifiers for novel intrusions automatically, and modify their structures adaptively after new classifiers are trained.
