Intrusion Detection and Classification of Attacks in High-Level Network Protocols Using Recurrent Neural Networks

  • Vicente Alarcon-Aquino
  • Carlos A. Oropeza-Clavel
  • Jorge Rodriguez-Asomoza
  • Oleg Starostenko
  • Roberto Rosas-Romero
Conference paper


This paper presents an application-based model for classifying and identifying attacks in a communications network, which therefore guarantees the network's safety from malicious HTTP protocol-based commands. The proposed model is based on a recurrent neural network architecture and is therefore suitable for working online and for analyzing non-linear patterns in real time, self-adjusting to changes in its input environment. Three different neural network-based systems have been modelled and simulated to compare their overall performance: a Feed-forward Neural Network, an Elman Network, and a Recurrent Neural Network. Simulation results show that the latter possesses a greater capacity than either of the others for the correct identification and classification of HTTP attacks, and that it also reaches a result at great speed, its somewhat taxing computing requirements notwithstanding.





Copyright information

© Springer Science+Business Media B.V. 2010

Authors and Affiliations

  • Vicente Alarcon-Aquino (1)
  • Carlos A. Oropeza-Clavel (1)
  • Jorge Rodriguez-Asomoza (1)
  • Oleg Starostenko (1)
  • Roberto Rosas-Romero (1)

  1. Department of Computing, Electronics, and Mechatronics, Communication and Signal Processing Research Group, Universidad de las Américas Puebla, Puebla, Mexico
