IDS Based on Bio-inspired Models

  • Paolo Gastaldo
  • Francesco Picasso
  • Rodolfo Zunino
  • Álvaro Herrero
  • Emilio Corchado
  • José Manuel Sáiz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4693)


Unsupervised projection approaches can support Intrusion Detection Systems for computer network security. The involved technologies assist a network manager in detecting anomalies and potential threats through an intuitive display of the progression of network traffic. Projection methods operate as smart compression tools and map raw, high-dimensional traffic data into 2-D or 3-D spaces for subsequent graphical display. The paper compares three projection methods, namely, Cooperative Maximum Likelihood Hebbian Learning, Auto-Associative Back-Propagation networks and Principal Component Analysis. Empirical tests on anomalous situations related to the Simple Network Management Protocol (SNMP) confirm the validity of the projection-based approach. One of these anomalous situations (the SNMP community search) is addressed by these projection models for the first time. This work also highlights the importance, for the applied methods, of the dependence on time information when identifying anomalous situations.


Keywords: Unsupervised Learning; Projection Methods; Auto-Associative Back-Propagation; Computer Network Security; Intrusion Detection; Visualization





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Paolo Gastaldo (1)
  • Francesco Picasso (1)
  • Rodolfo Zunino (1)
  • Álvaro Herrero (2)
  • Emilio Corchado (2)
  • José Manuel Sáiz (2)

  1. Dept. of Biophysical and Electronic Engineering (DIBE), Genoa University, Via Opera Pia 11a, 16145 Genoa, Italy
  2. Department of Civil Engineering, University of Burgos, C/ Francisco de Vitoria s/n, 09006 Burgos, Spain
