An integrated intrusion detection system by using multiple neural networks

Neural networks approach is one of the most promising methodologies for intrusion detection in network security. An integrated intrusion detection system (IIDS) scheme based on multiple neural networks is proposed. The approaches used in IIDS include principal component neural networks, growing neural gas networks and principal component self-organizing map networks. By the abilities of classification and clustering analysis of the above methods, IIDS can be adapted to both anomaly and misuse detections for intrusive outsiders. The training stage is a mixture of supervised manner and unsupervised one. Furthermore, IIDS uses the buffering and spoofing principles of address resolution protocol (ARP) to capture and refuse the insider intruders trying to log on a local area network (LAN). Therefore, IIDS is able to detect the intrusions/attacks both from the outer Internet and an inner LAN. Experiments are carried out to illustrate the performance of the proposed intrusion detection system by using the KDD CUP 1999 Intrusion Detection Evaluation dataset.

[1]  Ezequiel López-Rubio,et al.  A principal components analysis self-organizing map , 2004, Neural Networks.

[2]  M. Shyu,et al.  A Novel Anomaly Detection Scheme Based on Principal Component Classifier , 2003 .

[3]  Leonid Portnoy,et al.  Intrusion detection with unlabeled data using clustering , 2000 .

[4]  Zhang Yi,et al.  A hierarchical intrusion detection model based on the PCA neural networks , 2007, Neurocomputing.

[5]  Thomas Martinetz,et al.  'Neural-gas' network for vector quantization and its application to time-series prediction , 1993, IEEE Trans. Neural Networks.

[6]  Zhang Yi,et al.  Intrusion Detection Using PCASOM Neural Networks , 2006, ISNN.

[7]  S. T. Sarasamma,et al.  Hierarchical Kohonenen net for anomaly detection in network security , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[8]  Andreas Rauber,et al.  The growing hierarchical self-organizing map: exploratory analysis of high-dimensional data , 2002, IEEE Trans. Neural Networks.

[9]  Zhang Yi,et al.  Determination of the Number of Principal Directions in a Biologically Plausible PCA Model , 2007, IEEE Transactions on Neural Networks.

[10]  Richard Lippmann,et al.  The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[11]  James Cannady,et al.  Artificial Neural Networks for Misuse Detection , 1998 .

[12]  Anup K. Ghosh,et al.  A Study in Using Neural Networks for Anomaly and Misuse Detection , 1999, USENIX Security Symposium.

[13]  Teuvo Kohonen,et al.  Self-Organizing Maps , 2010 .

[14]  Rebecca Gurley Bace,et al.  Intrusion Detection , 2018, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..

[15]  Timo Horeis Intrusion Detection with Neural Networks – Combination of Self-Organizing Maps and Radial Basis Function Networks for Human Expert Integration , .

[16]  Ezequiel López-Rubio,et al.  The Principal Components Analysis Self-Organizing Map , 2002, ICANN.