Advertisement

A Comparison of Neural Projection Techniques Applied to Intrusion Detection Systems

  • Álvaro Herrero
  • Emilio Corchado
  • Paolo Gastaldo
  • Rodolfo Zunino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4507)

Abstract

This paper reviews one nonlinear and two linear projection architectures, in the context of a comparative study, which are used as either alternative or complementary tools in the identification and analysis of anomalous situations by Intrusion Detection Systems (IDSs). Three neural projection models are empirically compared, using real traffic data sets in an IDS framework. The specific multivariate data analysis techniques that drive these models are able to identify different factors or components by studying higher order statistics - variance and kurtosis - in order to display the most interesting projections or dimensions. Our research describes how a network manager is able to diagnose anomalous behaviour in data traffic through visual projection of network traffic. We also emphasize the importance of the time-dependent variable in the application of these projection methods.

Keywords

Unsupervised Learning Neural Networks Exploratory Projection Pursuit Auto-Associative Back-Propagation Principal Component Analysis Computer Network Security Visualization Intrusion Detection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23(9), 881–890 (1974)zbMATHCrossRefGoogle Scholar
  2. 2.
    Pearson, K.: On Lines and Planes of Closest Fit to Systems of Points in Space. Philosophical Magazine 2(6), 559–572 (1901)Google Scholar
  3. 3.
    Hotelling, H.: Analysis of a Complex of Statistical Variables Into Principal Components. Journal of Education Psychology 24, 417–444 (1933)CrossRefGoogle Scholar
  4. 4.
    Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)CrossRefMathSciNetGoogle Scholar
  5. 5.
    Zanero, S.: Analyzing TCP Traffic Patterns Using Self Organizing Maps. In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 83–90. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Sarasamma, S.T., Zhu, Q.M.A., Huff, J.: Hierarchical Kohonenen Net for Anomaly Detection in Network Security. IEEE Transactions on Systems Man and Cybernetics 35(2), 302–312 (2005)CrossRefGoogle Scholar
  7. 7.
    Carpinteiro, O.A.S., Netto, R.S., Lima, I., de Souza, A.C.Z., Moreira, E.M., Pinheiro, C.A.M.: A Neural Model in Intrusion Detection Systems. In: Kollias, S., Stafylopatis, A., Duch, W., Oja, E. (eds.) ICANN 2006. LNCS, vol. 4132, pp. 856–862. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Zhang, C.L., Jiang, J., Kamel, M.: Intrusion Detection Using Hierarchical Neural Networks. Pattern Recognition Letters 26(6), 779–791 (2005)CrossRefGoogle Scholar
  9. 9.
    Debar, H., Becker, M., Siboni, D.: A Neural Network Component for an Intrusion Detection System. In: Proc. of the 1992 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 240–250 (1992)Google Scholar
  10. 10.
    Ryan, J., Lin, M.J., Miikkulainen, R.: Intrusion Detection with Neural Networks. In: Advances in Neural Information Processing Systems (NIPS’97), vol. 10, pp. 943–949. The MIT Press, Cambridge (1998)Google Scholar
  11. 11.
    Fyfe, C.: PCA Properties of Interneurons: from Neurobiology to Real World Computing. In: Proc. of the Int. Conf. on Artificial Neural Networks, ICANN 1993, pp. 183–188. Springer, Heidelberg (1993)Google Scholar
  12. 12.
    Oja, E.: A Simplified Neuron Model as a Principal Component Analyzer. Journal of Mathematical Biology 15(3), 267–273 (1982)zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Fyfe, C., Corchado, E.: Maximum Likelihood Hebbian Rules. In: Proc. of the 10th European Symposium on Artificial Neural Networks (ESANN 2002), pp. 143–148 (2002)Google Scholar
  14. 14.
    Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. Int. Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)CrossRefGoogle Scholar
  15. 15.
    Corchado, E., Han, Y., Fyfe, C.: Structuring Global Responses of Local Filters Using Lateral Connections. Journal of Experimental & Theoretical Artificial Intelligence 15(4), 473–487 (2003)zbMATHCrossRefGoogle Scholar
  16. 16.
    Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. Advances in Neural Information Processing Systems 10, 350–356 (1998)Google Scholar
  17. 17.
    Kramer, M.A.: Nonlinear Principal Component Analysis Using Autoassociative Neural Networks. Aiche Journal 37(2), 233–243 (1991)CrossRefGoogle Scholar
  18. 18.
    Rumelhart, D.E., McClelland, J.L.: Parallel Distributed Processing. MIT Press, Cambridge (1986)Google Scholar
  19. 19.
    Hornik, K., Stinchcombe, M., White, H.: Multilayer Feedforward Networks Are Universal Approximators. Neural Networks 2(5), 359–366 (1989)CrossRefGoogle Scholar
  20. 20.
    Cybenko, G.: Approximations by Superpositions of Sigmoidal Functions. Mathematics of Control, Signal and Systems 2(4), 303–314 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Herrero, Á., Corchado, E.S., Sáiz, J.M.: MOVICAB-IDS: Visual Analysis of Network Traffic Data Streams for Intrusion Detection. In: Corchado, E.S., Yin, H., Botti, V., Fyfe, C. (eds.) IDEAL 2006. LNCS, vol. 4224, pp. 1424–1433. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Corchado, E.S., Herrero, Á., Sáiz, J.M.: Detecting Compounded Anomalous SNMP Situations Using Cooperative Unsupervised Pattern Recognition. In: Duch, W., Kacprzyk, J., Oja, E., Zadrożny, S. (eds.) ICANN 2005. LNCS, vol. 3697, pp. 905–910. Springer, Heidelberg (2005)Google Scholar
  23. 23.
    Cisco Secure Consulting. Vulnerability Statistics Report (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Álvaro Herrero
    • 1
  • Emilio Corchado
    • 1
  • Paolo Gastaldo
    • 2
  • Rodolfo Zunino
    • 2
  1. 1.Civil Engineering Department, University of Burgos, C/ Francisco de Vitoria s/n, 09006, BurgosSpain
  2. 2.Department of Biophysical and Electronic Engineering (DIBE), Genoa University, Via Opera Pia 11a, 16145 GenoaItaly

Personalised recommendations