Intrusion detection through artificial neural networks

The main problem with rule-based intrusion detection systems is the lag in updating their knowledge base relative to the continually changing forms of intrusion. These IDSs essentially rely on misuse detection, which monitors networks and computers for known attack patterns. This article describes the construction of a prototype network intrusion detection system that uses an artificial neural network as its detection mechanism. The knowledge base of the Snort IDS was used in the network's training and learning phases, which form an adaptive process. The IDSs built in this way detect an acceptable proportion of intrusion variants, beyond the already known forms of intrusion. This last characteristic offers significant advantages over purely rule-based intrusion detection systems, because it dispenses with an extensive knowledge base and solves the false negative and false positive problems through the fine adjustment of weights, given by varying the acceptance rate at the network output when the network is trained.
