A Hybrid Network Anomaly and Intrusion Detection Approach Based on Evolving Spiking Neural Network Classification

  • Konstantinos DemertzisEmail author
  • Lazaros Iliadis
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 441)


The evolution of network services is closely connected to the understanding and modeling of their corresponding traffic. The obtained conclusions are related to a wide range of applications, like the design of the transfer lines’ capacity, the scalar taxing of customers, the security violations and the spotting of errors and anomalies. Intrusion Detection Systems (IDS) monitor and analyze the events in traffic, to locate indications for potential intrusion and integrity violation attacks, resulting in the violation of trust and availability of information resources. They act in a complimentary mode with the existing security infrastructure, aiming in the early warning of the administrator, offering him details that will let him reach proper decisions and correction actions. This paper proposes a network-based online system, which uses minimum computational power to analyze only the basic characteristics of network flow, so as to spot the existence and the type of a potential network anomaly. It is a Hybrid Machine Learning Anomaly Detection System (HMLADS), which employs classification performed by Evolving Spiking Neural Networks (eSNN), in order to properly label a Potential Anomaly (PAN) in the net. On the other hand it uses a Multi-Layer Feed Forward (MLFF) ANN to classify the exact type of the intrusion.


Security Network intrusion and anomalies Machine learning Evolving spiking neural networks Multi-layer neural network 


  1. 1.
    Dahlia, A., Zainaddin, A., Hanapi, Z.M.: Hybrid of fuzzy clustering neural network over NSL dataset for intrusion detection system. J. Comput. Sci. 9(3), 391–403 (2013)CrossRefGoogle Scholar
  2. 2.
    Delorme, A., Perrinet, L., Thorpe, S.J.: Networks of integrate-and-fire neurons using rank order coding B: spike timing dependant plasticity and emergence of orientation selectivity. Neurocomputing 38–40(1–4), 539–545 (2000)Google Scholar
  3. 3.
    Denning, E.D.: An Intrusion-Detection model. IEEE Trans. Softw. Eng. 13, 222–232 (1987). doi: 10.1109/TSE.1987.232894 CrossRefGoogle Scholar
  4. 4.
    Garcıa, P., Verdejo, J., Fernandez, G., Vazquez, E.: Anomaly-based network intrusion detection: techniques, systems & challenges. Comput. Secur. 28, 18–28 (2009). ElsevierCrossRefGoogle Scholar
  5. 5.
    George, H.J.: Estimating continuous distributions in Bayesian classifiers. In: Proceedings of the UAI’ 95, pp. 338–345. Morgan Kaufmann Publishers Inc., San Francisco (1995)Google Scholar
  6. 6.
    Heaton, J.: Introduction to Neural Networks with Java (2008). ISBN 097732060XGoogle Scholar
  7. 7.
    Jakir, H., Rahman, A., Sayeed, S., Samsuddin, K., Rokhani, F.: A modified hybrid fuzzy clustering algorithm for data partitions. Aust. J. Basic Appl. Sci. 5, 674–681 (2011)Google Scholar
  8. 8.
    Kasabov, N.: Evolving Connectionist Systems: The Knowledge Engineering Approach. Springer, New York (2006)Google Scholar
  9. 9.
    Günes, K.H., Heywood, A.N.Z., Heywood, M.I.: Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets, Natural Sciences and Engineering Research Council of Canada (1999)Google Scholar
  10. 10.
    Kohavi, R.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: 14th International Joint Conference on Artificial Intelligence, vol. 2, no. 12, pp. 1137–1143 (1995)Google Scholar
  11. 11.
    Βharti, K., Shweta, J., Sanyam, S.: Fuzzy K-mean clustering via random forest for intrusion detection system. Int. J. Comput. Sci. Eng. 02(06), 2197–2200 (2010)Google Scholar
  12. 12.
    Mehdi, B., Mohammad, B.: An overview to software architecture in intrusion detection system. Int. J. Soft Comput. Softw. Eng. (2012). doi: 10.7321/jscse.v1.n1.1 Google Scholar
  13. 13.
    Muna, M., Jawhar, T., Mehrotra, M.: Design network intrusion system using hybrid fuzzy neural network. Int. J. Comput. Sci. Secur. 4(3), 285–294 (2009)Google Scholar
  14. 14.
    Mehdi, M., Zulkernine, M.: A neural network based system for intrusion detection and classification of attacks. In: IEEE International Conference on Advances in Intelligent Systems - Theory and Applications (2004)Google Scholar
  15. 15.
    Mukhopadhyay, I.: Implementation of Kalman filter in intrusion detection system. In: Proceeding of International Symposium on Communications and IT, Vientiane (2008)Google Scholar
  16. 16.
    Novikov, D., Yampolskiy, R.V., Reznik, L.: Anomaly detection based intrusion detection. In: Proceedings of the Third International Conference on IT: New Generations, 10–12 April. IEEE (2006)Google Scholar
  17. 17.
    Puketza, N., Zhang, K., Chung, M., Mukherjee, B., Olsson, R.A.: A methodology for testing intrusion detection system. IEEE Trans. Softw. Eng. 22, 719–729 (1996)CrossRefGoogle Scholar
  18. 18.
    Han, S.-J., Cho, S.-B.: Evolutionary neural networks for anomaly detection based on the behavior of a program. IEEE Trans. Syst. Man Cybern. 36, 559–570 (2005)CrossRefGoogle Scholar
  19. 19.
    Schliebs, S., Defoin-Platel, M., Kasabov, N.: Integrated feature and parameter optimization for an evolving spiking neural network. In: 15th International Conference, ICONIP 2008 (2009)Google Scholar
  20. 20.
    Stolfo, S.J., Wei, F., Wenke, L., Prodromidis, A., Chan, P.K.: Cost-based modeling and evaluation for data mining with application to fraud and intrusion detection: results from the JAM project. In: DISCEX ‘00 (2000)Google Scholar
  21. 21.
    Suguna, J., Selvi, A.M.: Ensemble fuzzy clustering for mixed numeric and categorical data. Int. J. Comput. Appli. 2012(42), 19–23 (2012). doi: 10.5120/5673-7705 Google Scholar
  22. 22.
    Tartakovskya, A.G., Rozovskii, B.L., Blazek, R.B., Hongjoong, K.: A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods. IEEE 54(9), 3372–3382 (2006)Google Scholar
  23. 23.
    Zhou, T.-J.: The research of intrusion detection based on genetic neural network. IEEE Xplore Press, Hong Kong, pp. 276–281 (2008). doi: 10.1109/ICWAPR.2008.4635789
  24. 24.
    Thorpe, S.J., Delorme, A., van Rullen, R.: Spike-based strategies for rapid processing. Neural Networks 14(6–7), 715–725 (2001)CrossRefGoogle Scholar
  25. 25.
    Thorpe, S.J., Gautrais, J.: Rank order coding. In: CNS ’97, pp. 113–118 (1998)Google Scholar
  26. 26.
    Vapnik, V.: The Nature of Statistical Learning Theory, 2nd edn, p. 188. Springer, New York (1995). ISBN 10:0387945598zbMATHCrossRefGoogle Scholar
  27. 27.
    Wei, L., Ghorbani, A.A.: Network anomaly detection based on wavelet analysis. EURASIP 2009, 1–16 (2009). (Article No. 4, Hindawi Publishing Corp., New York)Google Scholar
  28. 28.
    Wysoski, S.G., Benuskova, L., Kasabov, N.: Adaptive learning procedure for a network of spiking neurons and visual pattern recognition. In: Blanc-Talon, J., Philips, W., Popescu, D., Scheunders, P. (eds.) ACIVS 2006. LNCS, vol. 4179, pp. 1133–1142. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Department of Forestry and Management of the Environment and Natural ResourcesDemocritus University of ThraceN. OrestiadaGreece

Personalised recommendations