A Machine Learning Approach with Verification of Predictions and Assisted Supervision for a Rule-Based Network Intrusion Detection System

Network security is a branch of network management in which network intrusion detection systems provide attack detection by monitoring traffic data. Rule-based misuse detection systems use a set of rules or signatures to detect attacks that exploit a particular vulnerability. These rules have to be hand-coded by experts to properly identify vulnerabilities, which leaves misuse detection systems with limited extensibility. This paper proposes a machine learning layer on top of a rule-based misuse detection system that provides automatic generation of detection rules, prediction verification and assisted classification of new data. Our system offers good overall performance while adding a heuristic and adaptive approach to existing rule-based misuse detection systems.
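The abstract names three functions of the proposed layer: automatic rule generation, verification of predictions, and assisted classification of data the rules cannot settle. The following Python example is added here to make those three steps concrete; it is not code from the paper, and the abstract does not say which learning algorithm the authors use. The example assumes a PRISM-style sequential-covering rule inducer over numeric flow features, a k-nearest-neighbour vote as the independent verifier, and a constructed set of labelled flow records (ports, packet counts, SYN ratio) that stand in for real NIDS feature extraction.

```python
from collections import Counter

# Feature vector layout for one flow record: (dst_port, pkts, syn_ratio, label).
# The label sits last so that feature index i addresses the same column in every row.
FEATURES = ("dst_port", "pkts", "syn_ratio")

# Constructed training records (not from the paper): a handful of labelled flows
# with the kind of summary features a NIDS front end can extract.
TRAIN = [
    (80, 40, 0.05, "normal"), (443, 60, 0.03, "normal"), (80, 25, 0.08, "normal"),
    (22, 12, 0.10, "normal"), (443, 90, 0.02, "normal"), (53, 4, 0.00, "normal"),
    (53, 6, 0.00, "normal"), (23, 8, 0.12, "normal"), (443, 1500, 0.02, "normal"),
    (23, 300, 0.95, "attack"), (23, 250, 0.97, "attack"),    # telnet brute force
    (445, 200, 0.90, "attack"), (445, 180, 0.92, "attack"),  # SMB worm scan
    (53, 900, 0.00, "attack"), (53, 1200, 0.00, "attack"),   # DNS flood
]


def holds(cond, row):
    """True if the single condition (name, index, op, threshold) holds for row."""
    _, i, op, t = cond
    return row[i] > t if op == ">" else row[i] <= t


def candidate_conditions(rows):
    """Every 'feature > t' / 'feature <= t' test with t taken from the data."""
    conds = []
    for i, name in enumerate(FEATURES):
        for t in sorted({r[i] for r in rows}):
            conds.append((name, i, ">", t))
            conds.append((name, i, "<=", t))
    return conds


def learn_rule(rows, target):
    """Grow one conjunctive rule greedily (PRISM-style): keep adding the condition
    with the best (precision, coverage) on the target class until the rule is pure."""
    rule, covered = [], rows
    while any(r[-1] != target for r in covered) and len(rule) < len(FEATURES):
        best, best_score = None, (-1.0, -1)
        for c in candidate_conditions(covered):
            sub = [r for r in covered if holds(c, r)]
            pos = sum(r[-1] == target for r in sub)
            if pos == 0:
                continue
            score = (pos / len(sub), pos)
            if score > best_score:
                best, best_score = c, score
        if best is None:
            break
        rule.append(best)
        covered = [r for r in covered if holds(best, r)]
    return rule


def learn_rules(rows, target="attack"):
    """Sequential covering: induce rules until every target example is covered."""
    rules, remaining = [], list(rows)
    while any(r[-1] == target for r in remaining):
        rule = learn_rule(remaining, target)
        rules.append(rule)
        remaining = [r for r in remaining if not all(holds(c, r) for c in rule)]
    return rules


def rule_to_text(rule, target="attack"):
    """Render an induced rule as a human-readable signature line."""
    return " and ".join(f"{n} {op} {t}" for n, _, op, t in rule) + f" -> {target}"


def knn_predict(rows, x, k=3):
    """Independent check: majority vote of the k nearest training flows,
    with each feature scaled by its training maximum."""
    scale = [max(r[i] for r in rows) or 1.0 for i in range(len(FEATURES))]
    dist = lambda r: sum(((r[i] - x[i]) / scale[i]) ** 2 for i in range(len(FEATURES)))
    nearest = sorted(rows, key=dist)[:k]
    return Counter(r[-1] for r in nearest).most_common(1)[0][0]


def classify(rules, train, x):
    """The rule layer decides; the learner verifies. A disagreement is not resolved
    silently but flagged for an analyst (assisted classification)."""
    rule_verdict = "attack" if any(all(holds(c, x) for c in r) for r in rules) else "normal"
    status = "verified" if knn_predict(train, x) == rule_verdict else "needs-review"
    return rule_verdict, status


if __name__ == "__main__":
    rules = learn_rules(TRAIN)
    for r in rules:
        print("generated rule:", rule_to_text(r))
    for flow in [(23, 500, 0.99), (53, 5, 0.00), (443, 2000, 0.02)]:
        print(flow, "->", classify(rules, TRAIN, flow))
```

On the constructed data the inducer produces two signatures, `syn_ratio > 0.12 -> attack` and `pkts > 90 and dst_port <= 53 -> attack`, which is the "automatic generation of detection rules" step. The verification step matters most on the third sample flow: a large transfer on port 443 matches no rule, but the neighbour vote calls it an attack, so the record is routed to review rather than being labelled by either component alone. The rule format is deliberately generic; a deployment would translate the conditions into whatever rule language the underlying misuse detection engine accepts.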
