Advertisement

Traffic Data Preparation for a Hybrid Network IDS

  • Álvaro Herrero
  • Emilio Corchado
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5271)

Abstract

An increasing effort has being devoted to researching on the field of Intrusion Detection Systems (IDS’s). A wide variety of artificial intelligence techniques and paradigms have been applied to this challenging task in order to identify anomalous situations taking place within a computer network. Among these techniques is the neural network approach whose models (or most of them) have some difficulties in processing traffic data “on the fly”. The present work addresses this weakness, emphasizing the importance of an appropriate segmentation of raw traffic data for a successful network intrusion detection relying on unsupervised neural models. In this paper, the presented neural model is embedded in a hybrid artificial intelligence IDS which integrates the case based reasoning and multiagent paradigms.

Keywords

Computer Network Security Network Intrusion Detection Artificial Neural Networks Unsupervised Learning Projection Methods Artificial Intelligence Hybrid Artificial Intelligence Systems 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical Report, Washington, PA, James P. Anderson Co. (1980)Google Scholar
  2. 2.
    Herrero, Á., Corchado, E., Pellicer, M., Abraham, A.: Hybrid Multi Agent-Neural Network Intrusion Detection with Mobile Visualization. In: Innovations in Hybrid Intelligent Systems. Advances in Soft Computing, vol. 44, pp. 320–328. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Spafford, E.H., Zamboni, D.: Intrusion Detection Using Autonomous Agents. Computer Networks: The Int. Journal of Computer and Telecommunications Networking 34(4), 547–570 (2000)Google Scholar
  4. 4.
    Hegazy, I.M., Al-Arif, T., Fayed, Z.T., Faheem, H.M.: A Multi-agent Based System for Intrusion Detection. IEEE Potentials 22(4), 28–31 (2003)CrossRefGoogle Scholar
  5. 5.
    Dasgupta, D., Gonzalez, F., Yallapu, K., Gomez, J., Yarramsettii, R.: CIDS: An agent-based intrusion detection system. Computers & Security 24(5), 387–398 (2005)CrossRefGoogle Scholar
  6. 6.
    Wang, H.Q., Wang, Z.Q., Zhao, Q., Wang, G.F., Zheng, R.J., Liu, D.X.: Mobile Agents for Network Intrusion Resistance. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 965–970. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Deeter, K., Singh, K., Wilson, S., Filipozzi, L., Vuong, S.: APHIDS: A Mobile Agent-Based Programmable Hybrid Intrusion Detection System. In: Karmouch, A., Korba, L., Madeira, E.R.M. (eds.) MATA 2004. LNCS, vol. 3284, pp. 244–253. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Laskov, P., Dussel, P., Schafer, C., Rieck, K.: Learning Intrusion Detection: Supervised or Unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 50–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Liao, Y.H., Vemuri, V.R.: Use of K-Nearest Neighbor Classifier for Intrusion Detection. Computers & Security 21(5), 439–448 (2002)CrossRefGoogle Scholar
  10. 10.
    Sarasamma, S.T., Zhu, Q.M.A., Huff, J.: Hierarchical Kohonenen Net for Anomaly Detection in Network Security. IEEE Transactions on Systems Man and Cybernetics, Part B 35(2), 302–312 (2005)CrossRefGoogle Scholar
  11. 11.
    Zanero, S., Savaresi, S.: Unsupervised Learning Techniques for an Intrusion Detection System. In: Proc. of the ACM Symposium on Applied Computing, pp. 412–419 (2004)Google Scholar
  12. 12.
    Corchado, E., Herrero, A., Sáiz, J.M.: Detecting Compounded Anomalous SNMP Situations Using Cooperative Unsupervised Pattern Recognition. In: Duch, W., Kacprzyk, J., Oja, E., Zadrożny, S. (eds.) ICANN 2005. LNCS, vol. 3697, pp. 905–910. Springer, Heidelberg (2005)Google Scholar
  13. 13.
    Sindhu, S.S.S., Ramasubramanian, P., Kannan, A.: Intelligent Multi-agent Based Genetic Fuzzy Ensemble Network Intrusion Detection. In: Pal, N.R., Kasabov, N., Mudi, R.K., Pal, S., Parui, S.K. (eds.) ICONIP 2004. LNCS, vol. 3316, pp. 983–988. Springer, Heidelberg (2004)Google Scholar
  14. 14.
    Middlemiss, M., Dick, G.: Feature Selection of Intrusion Detection Data Using a Hybrid Genetic Algorithm/KNN Approach. In: Design and application of hybrid intelligent systems, pp. 519–527. IOS Press, Amsterdam (2003)Google Scholar
  15. 15.
    Kholfi, S., Habib, M., Aljahdali, S.: Best Hybrid Classifiers for Intrusion Detection. Journal of Computational Methods in Science and Engineering 6(2), 299–307 (2006)Google Scholar
  16. 16.
    Babu, S., Subramanian, L., Widom, J.: A Data Stream Management System for Network Traffic Management. In: Proc. of Workshop on Network-Related Data Management (NRDM 2001) (2001)Google Scholar
  17. 17.
    Dreger, H., Feldmann, A., Paxson, V., Sommer, R.: Operational Experiences with High-volume Network Intrusion Detection. In: Proc. of the 11th ACM Conf. on Computer and Communications Security, pp. 2–11. ACM Press, New York (2004)CrossRefGoogle Scholar
  18. 18.
    Hall, M., Wiley, K.: Capacity Verification for High Speed Network Intrusion Detection Systems. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 239–251. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Lee, W., Stolfo, S.J., Mok, K.W.: Mining in a Data-Flow Environment: Experience in Network Intrusion Detection. In: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM Press, San Diego (1999)Google Scholar
  20. 20.
    Elkan, M.: Results of the KDD 1999 Classifier Learning Contest (1999), http://www-cse.ucsd.edu/users/elkan/clresults.html
  21. 21.
    Wooldridge, M., Jennings, N.R.: Agent theories, architectures, and languages: A survey. Intelligent Agents (1995)Google Scholar
  22. 22.
    Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)CrossRefMathSciNetGoogle Scholar
  23. 23.
    Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. Int. Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)CrossRefGoogle Scholar
  24. 24.
    Aamodt, A., Plaza, E.: Case-Based Reasoning - Foundational Issues, Methodological Variations, and System Approaches. AI Communications 7(1), 39–59 (1994)Google Scholar
  25. 25.
    Carrascosa, C., Bajo, J., Julián, V., Corchado, J.M., Botti, V.: Hybrid Multi-agent Architecture as a Real-Time Problem-Solving Model. Expert Systems with Applications: An International Journal 34(1), 2–17 (2008)CrossRefGoogle Scholar
  26. 26.
    Bratman, M.E.: Intentions, Plans and Practical Reason. Harvard University Press, Cambridge (1987)Google Scholar
  27. 27.
    Fyfe, C., Corchado, E.: Maximum Likelihood Hebbian Rules. In: Proc. of the 10th European Symposium on Artificial Neural Networks (ESANN 2002), pp. 143–148 (2002)Google Scholar
  28. 28.
    Corchado, E., Han, Y., Fyfe, C.: Structuring Global Responses of Local Filters Using Lateral Connections. Journal of Experimental & Theoretical Artificial Intelligence 15(4), 473–487 (2003)zbMATHCrossRefGoogle Scholar
  29. 29.
    Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. Advances in Neural Information Processing Systems 10, 350–356 (1998)Google Scholar
  30. 30.
    Case, J., Fedor, M.S., Schoffstall, M.L., Davin, C.: Simple Network Management Protocol (SNMP). RFC-1157 (1990)Google Scholar
  31. 31.
    Cisco Secure Consulting. Vulnerability Statistics Report (2000)Google Scholar
  32. 32.
    Myerson, J.M.: Identifying Enterprise Network Vulnerabilities. Int. Journal of Network Management 12(3), 135–144 (2002)CrossRefGoogle Scholar
  33. 33.
    Stephen, L.: The Spinning Cube of Potential Doom. Commun. ACM 47(6), 25–26 (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Álvaro Herrero
    • 1
  • Emilio Corchado
    • 1
  1. 1.Department of Civil EngineeringUniversity of BurgosBurgosSpain

Personalised recommendations