A Neural Network Based System for Intrusion Detection and Classification of Attacks

With the rapid expansion of computer networks during the past decade, security has become a crucial issue for computer systems. Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. This paper presents a neural network approach to intrusion detection. A Multi Layer Perceptron (MLP) is used for intrusion detection based on an off-line analysis approach. While most of the previous studies have focused on classification of records in one of the two general classes normal and attack, this research aims to solve a multi class problem in which the type of attack is also detected by the neural network. Different neural network structures are analyzed to find the optimal neural network with regards to the number of hidden layers. An early stopping validation method is also applied in the training phase to increase the generalization capability of the neural network. The results show that the designed system is capable of classifying records with about 91% accuracy with two hidden layers of neurons in the neural network and 87% accuracy with one hidden layer.

[1]  Kristopher Kendall,et al.  A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems , 1999 .

[2]  Giovanni Vigna,et al.  Intrusion detection: a brief history and overview , 2002 .

[3]  Salvatore J. Stolfo,et al.  AI Approaches to Fraud Detection and Risk Management , 1998, AI Mag..

[4]  Piero P. Bonissone,et al.  Soft computing: the convergence of emerging reasoning technologies , 1997, Soft Comput..

[5]  Dorothy E. Denning,et al.  An Intrusion-Detection Model , 1987, IEEE Transactions on Software Engineering.

[6]  B. Ripley,et al.  Pattern Recognition , 1968, Nature.

[7]  Sara Matzner,et al.  An application of machine learning to network intrusion detection , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[8]  Hervé Debar,et al.  A neural network component for an intrusion detection system , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[9]  M.I. Heywood,et al.  Host-based intrusion detection using self-organizing maps , 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).

[10]  Risto Miikkulainen,et al.  Intrusion Detection with Neural Networks , 1997, NIPS.

[11]  James Cannady,et al.  Artificial Neural Networks for Misuse Detection , 1998 .

[12]  Robert K. Cunningham,et al.  Improving Intrusion Detection Performance using Keyword Selection and Neural Networks , 2000, Recent Advances in Intrusion Detection.