Pattern Recognition for Intrusion Detection in Computer Networks

  • Giorgio Giacinto
  • Fabio Roli
Part of the Combinatorial Optimization book series (COOP, volume 13)


Nowadays an increasing number of commercial and public services are offered through the Internet, so that security is becoming a key issue. The so-called “attacks” on Internet service providers are carried out by exploiting both unknown weaknesses or bugs that are always contained in system and application software, and complex unforeseen interactions between software components and/or network protocols [1], [2]. The objective of computer attacks is to obtain unauthorized access to the information stored in computer systems and/or to cause a temporary unavailability of its services. The so-called “first line” of defence against attacks is made up of a number of access restriction policies that act as a coarse grain filter. Intrusion detection systems (IDSs) are the fine grain filter placed inside the protected network, that look for known or potential threats in network traffic and/or in audit data recorded by hosts [2].


False Alarm Rate Intrusion Detection Intrusion Detection System Attack Type Attack Detection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    J. McHugh, A. Christie, and J. Allen, Defending Yourself: The Role of Intrusion Detection Systems, ( IEEE Software, Sept./Oct. 2000 ) pp. 42–51.Google Scholar
  2. [2]
    P.E. Proctor, The Practical Intrusion Detection Handbook, (Prentice Hall, 2001 ).Google Scholar
  3. [3]
    D.E. Denning, An Intrusion-Detection Model, (IEEE Trans. on Software Engineering, SE-13(2), 1987 ) pp. 222–232.Google Scholar
  4. [4]
    J. McHugh, Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory, (ACM Transactions on Information and System Security, 3 (4), 2000 ) pp. 262–294.Google Scholar
  5. [5]
    S. Northcutt, M. Cooper, M. Fearnow, K. Frederick, Intrusion Signatures and Analysis, ( New Riders, Indianapolis, 2001 ).Google Scholar
  6. [6]
    J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, E. Storner, State of the Practice of Intrusion Detection Technologies, (Tech. Rep. CMU/SEI-99-TR-028, 2000 )Google Scholar
  7. [7]
    R. Duda, P. Hart, D.G. Stork, Pattern Classification, (John Wiley&Sons, 2001 )zbMATHGoogle Scholar
  8. [8]
    H. Debar, M. Becker, D. Siboni, A Neural Network Component for an Intrusion Detection System, (Proc. of the IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, 1992 ), pp. 240–250.Google Scholar
  9. [9]
    J. Ryan, M.J. Lin, R. Miikkulainen, Intrusion Detection with Neural Networks, (in: Advances in Neural Information Processing Systems 10, M. Jordan et al., Eds., Cambridge, MA: MIT Press, 1998 ) pp. 943–949.Google Scholar
  10. [10]
    J.M. Bonifacio et al., Neural Networks Applied in Intrusion Detection Systems, (Proc. of the IEEE World congress on Comp.Intell. (WCCI ‘88), 1998 ).Google Scholar
  11. [11]
    A.K. Ghosh and A. Schwartzbard, A Study in Using Neural Networks for Anomaly and Misuse Detection, (Proc. of the USENIX Security Symposium, August 23–26, 1999, Washington, USA).Google Scholar
  12. [12]
    J. Cannady, An Adaptive Neural Network Approach to Intrusion Detection and Response, (PhD Thesis, School of Comp. and Inf. Sci., Nova Southeastern University, 2000 ).Google Scholar
  13. [13]
    R.P. Lippmann and R.K. Cunningham, Improving Intrusion Detection Performance Using Keyword Selection and Neural Networks, (Computer Networks, 34, 2000 ) pp. 597–603.CrossRefGoogle Scholar
  14. [14]
    S.C. Lee, D.V. Heinbuch, Training a Neural-Network Based Intrusion Detector to Recognize Novel Attacks, (IEEE Trans. on Systems, Man, and Cybernetics, Part A, 31, 2001 ), pp. 294–299.CrossRefGoogle Scholar
  15. [15]
    J. Kittler, M. Hatef, R.P.W. Duin, J. Matas, On Combining Classifiers, (IEEE Trans. on Pattern Analysis and Machine Intelligence, 20 (3), 1998 ), pp. 226–229.CrossRefGoogle Scholar
  16. [16]
    J. Kittler and F. Roli (eds.), Multiple Classifier Systems, (LNCS 2096, Springer, 2001 ).zbMATHGoogle Scholar
  17. [17]
    C. Elkan, Results of the KDD’99 Classifier Learning, (ACM SIGKDD Explorations, 1, 2000 ), pp. 63–64.Google Scholar
  18. [18]
    W. Lee and S.J. Stolfo, A Framework for Constructing Features and Models for Intrusion Detection systems, (ACM Trans. on Information and System Security, 3 (4), 2000 ) pp. 227–261.Google Scholar
  19. [19]
    T. Bass, Intrusion Detection Systems and Multisensor Data Fusion, (Communications of the ACM, 43 (4), 2000 ), pp. 99–105.Google Scholar
  20. [20]
    S. Axelsson, The Base-Rate Fallacy and the Difficulty of Intrusion Detection, (ACM Trans. on Information and System Security, 3 (3), 2000 ), pp. 186–205.MathSciNetGoogle Scholar
  21. [21]
    L. Xu, A. Krzyzak and C.Y. Suen, Methods for Combining Multiple Classifiers and Their Applications to Handwriting Recognition, (IEEE Trans. Systems, Man and Cybernetics 22, 1992 ) pp. 418–435.CrossRefGoogle Scholar
  22. [22]
  23. [23]
  24. [24]
    F. Rolff, Multisensor Image Recognition by Neural Networks with Understandable Behaviour, (International Journal of Pattern Recognition and Artificial Intelligence, 10, 1996 ) pp. 887–917.Google Scholar

Copyright information

© Kluwer Academic Publishers 2003

Authors and Affiliations

  • Giorgio Giacinto
    • 1
  • Fabio Roli
    • 1
  1. 1.Department of Electrical and Electronic EngineeringUniversity of CagliariCagliariItaly

Personalised recommendations