Network Intrusion Detection Using a Stochastic Resonance CFAR Technique

A novel constant false alarm rate (CFAR) intrusion detection method based on stochastic resonance (SR) is proposed in this paper. Using the SR technique improves the spectral power (SP) and the signal-to-noise ratio (SNR) of the network intrusion signal, hence enhancing the detectability of network attacks. The threshold and the detection probability of the proposed SR-CFAR method are derived theoretically. Computer simulations based on standard Defense Advanced Research Projects Agency (DARPA) network intrusion data show that this CFAR method outperforms the linear anomaly intrusion detection methods for various types of intrusions.
