A Multi-Dimensional approach towards Intrusion Detection System

In this paper, we suggest a multi-dimensional approach towards intrusion detection. Network and system usage parameters such as source and destination IP addresses, source and destination ports, incoming and outgoing network traffic data rate, and number of CPU cycles per request are divided into multiple dimensions. Rather than analyzing raw bytes of data corresponding to the values of the network parameters, a mature function is inferred during the training phase for each dimension. This mature function takes a dimension value as input and returns a value that represents the level of abnormality in the system usage with respect to that dimension. This mature function is referred to as the Individual Anomaly Indicator. The Individual Anomaly Indicators recorded for each of the dimensions are then used to generate a Global Anomaly Indicator, a function of n variables (n is the number of dimensions) that provides the Global Anomaly Factor, an indicator of anomaly in the system usage based on all the dimensions considered together. The Global Anomaly Indicator inferred during the training phase is then used to detect anomalies in the network traffic during the detection phase. Network traffic data encountered during the detection phase is fed back to the system to improve the maturity of the Individual Anomaly Indicators and hence the Global Anomaly Indicator.
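The train, detect and feed-back loop described above, as an added sketch that is not the paper's own code. The abstract does not give the functions, so the class names, the per-dimension scoring (frequency rarity and a squashed z-score), the unweighted mean used as the Global Anomaly Factor, the 0.5 threshold and the choice to feed back only traffic judged normal are all assumptions.

```python
import math
from collections import Counter

class CategoricalIndicator:
    """Individual Anomaly Indicator for a discrete dimension (IP address, port)."""
    def __init__(self):
        self.counts = Counter()
    def update(self, value):
        self.counts[value] += 1
    def score(self, value):
        # Assumed scoring: rarity relative to the most frequent value (0 typical, 1 unseen).
        if not self.counts:
            return 1.0
        return 1.0 - self.counts[value] / max(self.counts.values())

class NumericIndicator:
    """Individual Anomaly Indicator for a continuous dimension (data rate, CPU cycles)."""
    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
    def update(self, x):
        # Welford's online mean/variance, so detection-phase feedback is O(1).
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)
    def score(self, x):
        if self.n < 2:
            return 1.0
        std = math.sqrt(self.m2 / (self.n - 1)) or 1e-9
        z = abs(x - self.mean) / std
        return z / (z + 3.0)  # assumed squashing into [0, 1); z = 3 maps to 0.5

class GlobalAnomalyIndicator:
    """Combines n Individual Anomaly Indicators into one Global Anomaly Factor."""
    def __init__(self, indicators):
        self.indicators = indicators  # dimension name -> indicator
    def train(self, records):
        for rec in records:
            for dim, ind in self.indicators.items():
                ind.update(rec[dim])
    def factor(self, rec):
        # Assumed combination: unweighted mean of the per-dimension scores.
        scores = [ind.score(rec[dim]) for dim, ind in self.indicators.items()]
        return sum(scores) / len(scores)
    def detect(self, rec, threshold=0.5):
        gaf = self.factor(rec)
        if gaf < threshold:
            self.train([rec])  # feedback: only traffic judged normal matures the model
        return gaf, gaf >= threshold

def build_demo():
    # Constructed training traffic, not data from the paper.
    g = GlobalAnomalyIndicator({"src_ip": CategoricalIndicator(), "dst_port": CategoricalIndicator(),
                                "rate_bps": NumericIndicator(), "cpu_cycles": NumericIndicator()})
    g.train({"src_ip": f"10.0.0.{i % 5}", "dst_port": 443 if i % 4 else 80,
             "rate_bps": 1000 + (i % 10) * 20, "cpu_cycles": 5000 + (i % 7) * 100} for i in range(200))
    return g
```

With this combination a record that is unusual in a single dimension (an unseen source IP with otherwise typical values) stays below the threshold, while one that deviates in all four is flagged and kept out of the feedback path.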
