Evolving Block-Based Neural Network and Field Programmable Gate Arrays for Host-Based Intrusion Detection System

In this paper, we design a prototype with a hybrid software-enabled detection engine based on an evolving block-based neural network (BBNN), and integrate it with a Field Programmable Gate Array (FPGA) board to enable a real-time host-based intrusion detection system (IDS). The prototype can feed sequences of system calls obtained from a server directly into the BBNN-based IDS. The structure and weights of the BBNN are evolved by Genetic Algorithms. Experimental performance comparisons have been conducted against four major Support Vector Machines (SVMs) using leave-one-out cross-validation. The results show that the improved BBNN outperforms the other algorithms with respect to classification and detection performance. The false alarm rate is reduced to as low as 2.22% while a detection rate of 100% is still maintained. The running times of the proposed hardware-based IDS versus other software-based systems are also discussed.
