Octopus-IIDS: An anomaly based intelligent intrusion detection system

Intrusion detection systems (IDS) are designed to identify unwanted attempts at manipulating, accessing or disabling computer systems, mainly through a network such as the Internet. IDSs can also perform other functions, such as intrusion prevention (IPS), including proactive functions. A recurrent problem in intrusion detection systems is the difficulty of distinguishing legitimate access from attacks. Many conventional IDSs are signature based, but they identify neither variations of known attacks nor new attacks. This paper presents an intrusion detection system model based on the behavior of network traffic, through the analysis and classification of messages. Two artificial intelligence techniques, the Kohonen neural network (KNN) and the support vector machine (SVM), are applied to detect anomalies. These techniques are used in sequence to improve the system's accuracy, identifying known attacks and new attacks in real time. The paper also analyzes the features used to classify data in order to determine which of them are really relevant for each class of attack defined in our experiments.
