Soft computing in intrusion detection: the state of the art

This paper explores the state of the art in using soft computing (SC) methods for network intrusion detection, examining efforts in ten specific areas of SC as well as consecutive, ensemble, and hybrid combinations. Numerous comparisons of these methods are listed, followed by a recommendation for future research. The paper can be used as a reference of strategies and as a resource for planning future research.
