Lightweight IDS Based on Features Selection and IDS Classification Scheme

An Intrusion Detection System (IDS) deals with huge amounts of data containing irrelevant and redundant features, which cause slow training and testing, higher resource consumption, and a poor detection rate. To overcome these limitations, we introduce the concept of a lightweight IDS. Lightweight IDSs are small, powerful, and flexible enough to be used as permanent elements of the network security infrastructure. In this paper, we propose a novel concept for building a lightweight IDS based on two different approaches. The first approach is feature selection, applying the Fuzzy Enhanced Support Vector Decision Function (Fuzzy ESVDF) algorithm. This approach is able to improve system efficiency. The second approach is an IDS classification scheme, which divides the detection process into four types according to the TCP/IP network model (Application Layer IDS, Transport Layer IDS, Network Layer IDS, and Link Layer IDS). This IDS classification scheme enhances an organization's ability to detect most types of attack (improving system accuracy and generality). It also improves IDS scalability and extendibility. To design the proposed system, several experiments were conducted, and they indicate that the proposed lightweight IDS can deliver satisfactory system performance.
