Agents and Neural Networks for Intrusion Detection

  • Álvaro Herrero
  • Emilio Corchado
Part of the Advances in Soft Computing book series (AINSC, volume 53)


Up to now, several Artificial Intelligence (AI) techniques and paradigms have been successfully applied to the field of Intrusion Detection in Computer Networks. Most of them were proposed to work in isolation. On the contrary, the new approach of hybrid artificial intelligent systems, which is based on the combination of AI techniques and paradigms, is probing to successfully address complex problems. In keeping with this idea, we propose a hybrid use of three widely probed paradigms of computational intelligence, namely Multi-Agent Systems, Case Based Reasoning and Neural Networks for Intrusion Detection. Some neural models based on different statistics (such as the distance, the variance, the kurtosis or the skewness) have been tested to detect anomalies in packet-based network traffic. The projection method of Curvilinear Component Analysis has been applied for the first time in this study to perform packet-based intrusion detection. The proposed framework has been probed through anomalous situations related to the Simple Network Management Protocol and normal traffic.


Multiagent Systems Case Based Reasoning Artificial Neural Networks Unsupervised Learning Projection Methods Computer Network Security Intrusion Detection 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chuvakin, A.: Monitoring IDS. Information Security Journal: A Global Perspective 12(6), 12–16 (2004)CrossRefGoogle Scholar
  2. 2.
    Wooldridge, M., Jennings, N.R.: Agent theories, architectures, and languages: A survey. Intelligent Agents (1995)Google Scholar
  3. 3.
    Spafford, E.H., Zamboni, D.: Intrusion Detection Using Autonomous Agents. Computer Networks: The Int. Journal of Computer and Telecommunications Networking 34(4), 547–570 (2000)Google Scholar
  4. 4.
    Hegazy, I.M., Al-Arif, T., Fayed, Z.T., Faheem, H.M.: A Multi-agent Based System for Intrusion Detection. IEEE Potentials 22(4), 28–31 (2003)CrossRefGoogle Scholar
  5. 5.
    Dasgupta, D., Gonzalez, F., Yallapu, K., Gomez, J., Yarramsettii, R.: CIDS: An agent-based intrusion detection system. Computers & Security 24(5), 387–398 (2005)CrossRefGoogle Scholar
  6. 6.
    Wang, H.Q., Wang, Z.Q., Zhao, Q., Wang, G.F., Zheng, R.J., Liu, D.X.: Mobile Agents for Network Intrusion Resistance. In: Shen, H.T., Li, J., Li, M., Ni, J., Wang, W. (eds.) APWeb Workshops 2006. LNCS, vol. 3842, pp. 965–970. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Deeter, K., Singh, K., Wilson, S., Filipozzi, L., Vuong, S.: APHIDS: A Mobile Agent-Based Programmable Hybrid Intrusion Detection System. In: Karmouch, A., Korba, L., Madeira, E.R.M. (eds.) MATA 2004. LNCS, vol. 3284, pp. 244–253. Springer, Heidelberg (2004)Google Scholar
  8. 8.
    Laskov, P., Dussel, P., Schafer, C., Rieck, K.: Learning Intrusion Detection: Supervised or Unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 50–57. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Liao, Y.H., Vemuri, V.R.: Use of K-Nearest Neighbor Classifier for Intrusion Detection. Computers & Security 21(5), 439–448 (2002)CrossRefGoogle Scholar
  10. 10.
    Sarasamma, S.T., Zhu, Q.M.A., Huff, J.: Hierarchical Kohonenen Net for Anomaly Detection in Network Security. IEEE Transactions on Systems Man and Cybernetics, Part B 35(2), 302–312 (2005)CrossRefGoogle Scholar
  11. 11.
    Corchado, E., Herrero, A., Sáiz, J.M.: Detecting Compounded Anomalous SNMP Situations Using Cooperative Unsupervised Pattern Recognition. In: Duch, W., Kacprzyk, J., Oja, E., Zadrożny, S. (eds.) ICANN 2005. LNCS, vol. 3697, pp. 905–910. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Middlemiss, M., Dick, G.: Feature Selection of Intrusion Detection Data Using a Hybrid Genetic Algorithm/KNN Approach. In: Design and Application of Hybrid Intelligent Systems, pp. 519–527. IOS Press, Amsterdam (2003)Google Scholar
  13. 13.
    Kholfi, S., Habib, M., Aljahdali, S.: Best Hybrid Classifiers for Intrusion Detection. Journal of Computational Methods in Science and Engineering 6(2), 299–307 (2006)Google Scholar
  14. 14.
    Herrero, Á., Corchado, E., Pellicer, M., Abraham, A.: Hybrid Multi Agent-Neural Network Intrusion Detection with Mobile Visualization. In: Innovations in Hybrid Intelligent Systems. Advances in Soft Computing, vol. 44, pp. 320–328. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Corchado, J.M., Laza, R.: Constructing Deliberative Agents with Case-Based Reasoning Technology. International Journal of Intelligent Systems 18(12), 1227–1241 (2003)CrossRefGoogle Scholar
  16. 16.
    Pellicer, M.A., Corchado, J.M.: Development of CBR-BDI Agents. International Journal of Computer Science and Applications 2(1), 25–32 (2005)Google Scholar
  17. 17.
    Aamodt, A., Plaza, E.: Case-Based Reasoning - Foundational Issues, Methodological Variations, and System Approaches. AI Communications 7(1), 39–59 (1994)Google Scholar
  18. 18.
    Bratman, M.E.: Intentions, Plans and Practical Reason. Harvard University Press, Cambridge (1987)Google Scholar
  19. 19.
    Zambonelli, F., Jennings, N.R., Wooldridge, M.: Developing Multiagent Systems: the Gaia Methodology. ACM Transactions on Software Engineering and Methodology 12(3), 317–370 (2003)CrossRefGoogle Scholar
  20. 20.
    Pearson, K.: On Lines and Planes of Closest Fit to Systems of Points in Space. Philosophical Magazine 2(6), 559–572 (1901)Google Scholar
  21. 21.
    Demartines, P., Herault, J.: Curvilinear Component Analysis: A Self-Organizing Neural Network for Nonlinear Mapping of Data Sets. IEEE Transactions on Neural Networks 8(1), 148–154 (1997)CrossRefGoogle Scholar
  22. 22.
    Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)CrossRefMathSciNetGoogle Scholar
  23. 23.
    Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. Int. Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)CrossRefGoogle Scholar
  24. 24.
    Oja, E.: A Simplified Neuron Model as a Principal Component Analyzer. Journal of Mathematical Biology 15(3), 267–273 (1982)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Sanger, D.: Contribution Analysis: a Technique for Assigning Responsibilities to Hidden Units in Connectionist Networks. Connection Science 1(2), 115–138 (1989)CrossRefGoogle Scholar
  26. 26.
    Fyfe, C.: A Neural Network for PCA and Beyond. Neural Processing Letters 6(1-2), 33–41 (1997)CrossRefGoogle Scholar
  27. 27.
    Kohonen, T.: The Self-Organizing Map. Proceedings of the IEEE 78(9), 1464–1480 (1990)CrossRefGoogle Scholar
  28. 28.
    Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23(9), 881–890 (1974)zbMATHCrossRefGoogle Scholar
  29. 29.
    Seung, H.S., Socci, N.D., Lee, D.: The Rectified Gaussian Distribution. Advances in Neural Information Processing Systems 10, 350–356 (1998)Google Scholar
  30. 30.
    Cisco Secure Consulting. Vulnerability Statistics Report (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Álvaro Herrero
    • 1
  • Emilio Corchado
    • 1
  1. 1.Department of Civil EngineeringUniversity of BurgosBurgosSpain

Personalised recommendations