A Hybrid Network Anomaly and Intrusion Detection Approach Based on Evolving Spiking Neural Network Classification

The evolution of network services is closely connected to the understanding and modeling of their corresponding traffic. The conclusions obtained apply to a wide range of applications, such as the design of transfer line capacity, the scalar taxing of customers, the detection of security violations, and the spotting of errors and anomalies. Intrusion Detection Systems (IDS) monitor and analyze traffic events to locate indications of potential intrusion and integrity violation attacks, which result in the violation of trust and availability of information resources. They act in a complementary mode with the existing security infrastructure, aiming at the early warning of the administrator and offering details that support proper decisions and corrective actions. This paper proposes a network-based online system that uses minimal computational power to analyze only the basic characteristics of network flow, so as to spot the existence and the type of a potential network anomaly. It is a Hybrid Machine Learning Anomaly Detection System (HMLADS), which employs classification performed by Evolving Spiking Neural Networks (eSNN) to properly label a Potential Anomaly (PAN) in the network. In addition, it uses a Multi-Layer Feed Forward (MLFF) ANN to classify the exact type of the intrusion.
