Performance Analysis of Soft Computing Based Anomaly Detectors

Anomaly detectors have become a necessary component of the computer and information security framework. Current anomaly detectors suffer from numerous drawbacks, among them a large number of false positive and false negative alarms, difficulty in processing huge amounts of traffic in real time, inadequacy in recognizing novel attacks, and a lack of scalability. Consequently, their efficacy in protecting against anomalies is limited. This paper pursues the use of soft computing techniques such as genetic algorithms, neural networks and fuzzy logic in implementing anomaly detection. Additionally, a few novel approaches to detecting anomalies by identifying user actions and network traffic that might compromise a system's secure state are also proposed. A potential solution to the problem has been contemplated by comparing the performance of these systems on various criteria. Characterization of the behavior of a single user (host based) or a network (network based), and recognition of anomalies by observing deviation from normal behavior patterns, are conducted to arrive at the solution. The implementations of a Genetic algorithm based Anomaly detection system (GAAD), a Neural network based Anomaly detection system (NNAD) and a Fuzzy Logic based system (FLAD) are reported. Interesting conclusions are deduced from an exhaustive evaluation and comparison of the performance of these systems, enabling an administrator to choose the best solution for a given scenario.
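The host-based side of the approach in the abstract, as an added illustration rather than the paper's code: a per-user command-frequency profile, a deviation score, and the false-positive/false-negative tally on which the abstract compares detectors. The shell sessions are constructed sample data, and the total-variation metric and the 0.3 threshold are assumptions, not the paper's method.

```python
# Added illustration of host-based behavior profiling (constructed data, not the paper's code).
from collections import Counter

def build_profile(sessions):
    """Turn a user's training sessions into a command-frequency distribution."""
    counts = Counter(cmd for session in sessions for cmd in session)
    total = sum(counts.values())
    return {cmd: n / total for cmd, n in counts.items()}

def deviation(profile, session):
    """Total-variation distance between the session's command mix and the profile:
    0.0 = identical, 1.0 = no overlap. Assumed metric; the paper's own is unspecified."""
    observed = {cmd: n / len(session) for cmd, n in Counter(session).items()}
    commands = set(profile) | set(observed)
    return 0.5 * sum(abs(profile.get(c, 0.0) - observed.get(c, 0.0)) for c in commands)

def evaluate(profile, labelled_sessions, threshold):
    """Tally the confusion matrix and the false-positive / false-negative rates,
    the criteria on which the abstract compares detectors."""
    tally = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for session, is_attack in labelled_sessions:
        flagged = deviation(profile, session) > threshold
        if is_attack:
            tally["tp" if flagged else "fn"] += 1
        else:
            tally["fp" if flagged else "tn"] += 1
    tally["fpr"] = tally["fp"] / max(1, tally["fp"] + tally["tn"])
    tally["fnr"] = tally["fn"] / max(1, tally["fn"] + tally["tp"])
    return tally

# Constructed sample data: one developer's normal shell sessions.
TRAINING = [["ls", "cd", "vim", "make", "git"], ["cd", "ls", "vim", "vim", "make"],
            ["git", "ls", "cd", "make", "vim"], ["ls", "vim", "git", "cd", "make"]]

# Constructed test sessions with ground-truth labels (True = attack-like).
TEST = [
    (["ls", "cd", "vim", "make", "git"], False),   # routine work
    (["vim", "vim", "ls", "cd", "make"], False),   # routine work
    (["git", "git", "git", "git", "git"], False),  # legitimate but unusual mix -> false positive
    (["wget", "chmod", "nc", "nc", "sh"], True),   # nothing like the profile
    (["ls", "wget", "chmod", "sh", "ls"], True),   # mostly unfamiliar commands
    (["ls", "cd", "vim", "make", "curl"], True),   # one odd command hidden in normal work -> false negative
]

def run_demo(threshold=0.3):
    """Profile the user and score the test sessions; at this threshold: tp=2 fp=1 tn=2 fn=1."""
    return evaluate(build_profile(TRAINING), TEST, threshold)
```

The two misclassified sessions show why the abstract's comparison criteria matter: a frequency profile alone cannot separate a legitimate-but-unusual session from a subtle one, and a single threshold trades one error type for the other.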
