Neural Network and Artificial Immune Systems for Malware and Network Intrusion Detection

Neural network techniques and artificial immune systems (AIS) have been successfully applied to many problems in the area of anomalous activity detection and recognition. Existing solutions mostly use static approaches based on collections of virus or intrusion signatures. The major problem of these traditional techniques is therefore the detection and recognition of new viruses or attacks. This chapter discusses the use of neural networks and artificial immune systems for intrusion and virus detection. We studied the performance of different intelligent techniques, namely the integration of neural networks and AIS for virus and intrusion detection, as well as the combination of various kinds of neural networks in a modular neural system for intrusion detection. This approach has good potential to recognize novel viruses and attacks.
