A Hybrid Neural Network Approach to the Classification of Novel Attacks for Intrusion Detection

Intrusion detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and to use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate the performance of the proposed approach, especially in terms of both efficiency and accuracy.
