Novel Intrusion Detection using Probabilistic Neural Network and Adaptive Boosting

This article applies Machine Learning techniques to solve Intrusion Detection problems within computer networks. Due to the complex and dynamic nature of computer networks and hacking techniques, detecting malicious activities remains a challenging task for security experts; currently available defense systems suffer from low detection capability and a high number of false alarms. To overcome such performance limitations, we propose a novel Machine Learning algorithm, namely Boosted Subspace Probabilistic Neural Network (BSPNN), which integrates an adaptive boosting technique and a semi-parametric neural network to obtain a good tradeoff between accuracy and generality. As a result, learning bias and generalization variance can be significantly minimized. Substantial experiments on the KDD 99 intrusion benchmark indicate that our model outperforms other state-of-the-art learning algorithms, with significantly improved detection accuracy, minimal false alarms and relatively small computational complexity.
