A new approach to intrusion detection using Artificial Neural Networks and fuzzy clustering

Many studies have argued that Artificial Neural Networks (ANNs) can improve the performance of intrusion detection systems (IDS) compared with traditional methods. However, for ANN-based IDS, detection precision, especially for low-frequency attacks, and detection stability still need to be improved. In this paper, we propose a new approach, called FC-ANN, based on ANN and fuzzy clustering, to solve this problem and help IDS achieve a higher detection rate, a lower false positive rate and stronger stability. The general procedure of FC-ANN is as follows: first, a fuzzy clustering technique is used to generate different training subsets. Then, based on these training subsets, different ANN models are trained to form different base models. Finally, a meta-learner, the fuzzy aggregation module, is employed to aggregate these results. Experimental results on the KDD CUP 1999 dataset show that our proposed approach, FC-ANN, outperforms BPNN and other well-known methods such as decision trees and naive Bayes in terms of detection precision and detection stability.
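The three-stage procedure described in the abstract, as an added sketch that is not the paper's code. It assumes fuzzy c-means as the clustering technique, a single sigmoid unit in place of each base ANN, a membership-weighted average in place of the fuzzy aggregation module, and constructed two-feature records in which the attack signature differs between two traffic regimes.

```python
import math

def memberships(x, centers, m=2.0):
    """Fuzzy c-means membership of x in each cluster (values sum to 1)."""
    inv = [max(math.dist(x, v), 1e-9) ** (-2.0 / (m - 1.0)) for v in centers]
    return [w / sum(inv) for w in inv]

def fuzzy_cmeans(X, m=2.0, iters=30):
    """Two clusters; deterministic start: first sample and the one farthest from it."""
    centers = [X[0], max(X, key=lambda p: math.dist(p, X[0]))]
    for _ in range(iters):
        U = [memberships(x, centers, m) for x in X]
        centers = [[sum(u[j] ** m * x[d] for u, x in zip(U, X)) / sum(u[j] ** m for u in U)
                    for d in range(len(X[0]))] for j in range(2)]
    return centers

def predict(w, x):
    z = sum(wk * xk for wk, xk in zip(w, list(x) + [1.0]))
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def train_neuron(X, y, lr=1.0, epochs=500):
    """One sigmoid unit trained by SGD: a stand-in for each base ANN (assumption)."""
    w = [0.0] * (len(X[0]) + 1)
    for _ in range(epochs):
        for x, t in zip(X, y):
            err = t - predict(w, x)
            w = [wk + lr * err * xk for wk, xk in zip(w, list(x) + [1.0])]
    return w

def fc_predict(x, centers, models):
    """Membership-weighted vote: stand-in for the fuzzy aggregation module (assumption)."""
    return sum(u * predict(w, x) for u, w in zip(memberships(x, centers), models))

def build(X, y):
    centers = fuzzy_cmeans(X)
    subsets = [[], []]          # one training subset per fuzzy cluster
    for x, t in zip(X, y):
        u = memberships(x, centers)
        subsets[u.index(max(u))].append((x, t))
    models = [train_neuron([x for x, _ in s], [t for _, t in s]) for s in subsets]
    return centers, models

# Constructed data: two traffic regimes (feature 0); the attack rule on feature 1 flips.
X = [(a, b) for a in (0.05, 0.10, 0.15, 0.20, 0.80, 0.85, 0.90, 0.95) for b in (0.3, 0.4, 0.6, 0.7)]
y = [int((b > 0.5) == (a < 0.5)) for a, b in X]
PROBES = [((0.1, 0.7), 1), ((0.1, 0.3), 0), ((0.9, 0.7), 0), ((0.9, 0.3), 1)]

def accuracy(score):
    return sum((score(x) > 0.5) == bool(t) for x, t in PROBES) / len(PROBES)
```

On this constructed data a single unit trained on all records cannot classify every probe, because the labels are not linearly separable, while the per-cluster units combined by membership can.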
