Abstract
Intrusion Detection is an essential and critical component of network security systems. The key ideas are to discover useful patterns or features that describe user behavior on a system, and use the set of relevant features to build classifiers that can recognize anomalies and known intrusions, hopefully in real time. In this paper, a hybrid neural network technique is proposed, which consists of the self-organizing map (SOM) and the radial basis function (RBF) network, aiming at optimizing the performance of the recognition and classification of novel attacks for intrusion detection. The optimal network architecture of the RBF network is determined automatically by the improved SOM algorithm. The intrusion feature vectors are extracted from a benchmark dataset (the KDD-99) designed by DARPA. The experimental results demonstrate that the proposed approach performance especially in terms of both efficient and accuracy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Hofmann, A., Schmitz, C., Sick, B.: Rule extraction from neural networks for intrusion detection in computer networks. In: IEEE International Conference on Systems, Man and Cybernetics, October 5-8, vol. 2 (2003)
Denning, E.D.: An intrusion detection model. In: Proceedings of the IEEE Symposium on Security and Privacy, S&P 1986, pp. 118–133 (1986)
Cannady, J.: Artificial neural networks for misuse detection. In: Proceedings of the 1998 National Information Systems Security Conference (NISSC 1998), Arlington, VA, October 5-8, pp. 443–456 (1998)
Ghosh, A.K., Schwartzbard, A.: A study in using neural networks for anomaly and misuse detection. In: Proceedings of USENIX Security Symposium (1999)
Lippmann, R.P., Cunningham, R.K.: Improving intrusion detection performance using keyword selection and neural networks. Computer Networks (Amsterdam, Netherlands:1999) 34(4), 597–603 (1999)
Pan, Z.-S., Chen, S.-C., Hu, G.-B., Zhang, D.-Q.: Hybrid neural network and C4.5 for misuse detection. In: 2003 International Conference on Machine Learning and Cybernetics, November 2-5, vol. 4 (2003)
Cannady, J.: Applying CMAC-based online learning to intrusion detection. In: Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks, IJCNN 2000, July 24-27, vol. 5 (2000)
Rapaka, A., Novokhodko, A., Wunsch, D.: Intrusion detection using radial basis function network on sequences of system calls. In: Proceedings of the International Joint Conference on Neural Networks, vol. 3 (2003)
Xiong, Q., Hirasawa, K., Hu, J., Murata, J.: Growing RBF structures using self-organizing maps. In: Proceedings of 9th IEEE International Workshop on Robot and Human Interactive Communication, RO-MAN 2000, September 27-29, pp. 107–111 (2000)
Ambwani, T.: Multi class support vector machine implementation to intrusion detection. In: Proceedings of the International Joint Conference on Neural Networks, July 20-24, vol. 3 (2003)
Kohonen, T.: Self-Organizing Maps. Springer, Berlin (1997)
Fritzke, B.: Growing cell structure: A self-organizing network for supervised and un-supervised learning. Neural Networks 7, 1441–1460 (1994)
Wu, S., Chow, T.W.S.: Induction machine fault detection using SOM-based RBF neural networks. IEEE Transactions on Industrial Electronics 51(1), 183–194 (2004)
Hettich, S., Bay, S.D.: The UCI KDD archive. Department of Information and Computer Science. University of California, Irvine (1999), http://kdd.ics.uci.edu
Lee, S.C., Heinbuch, D.V.: Training a neural-network based intrusion detector to recognize novel attacks. IEEE Transactions on Systems, Man and Cybernetics, Part A 31(4), 294–299 (2001)
Ramadas, M., Ostermann, S., Tjaden, B.: Detecting anomalous network traffic with self-organizing maps. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 36–54. Springer, Heidelberg (2003)
Guan, Y., Ghorbani, A.A., Belacel, N.: Y-means: A clustering method for intrusion detection. In: Proceeding IEEE Canadian Conference on Electrical and Computer Engineering, pp. 1083–1086 (2003)
Lei, J.Z., Ghorbani, A.: Network intrusion detection using an improved competitive learning neural network. In: Proceedings Second Annual Conference on Communication Networks and Services Research, May 19-21, pp. 190–197 (2004)
Sung, A.H., Mukkamala, S.: Identifying important features for intrusion detection using support vector machines and neural networks. In: Proceedings 2003 Symposium on Applications and the Internet, , Janaury 27-31 (2003)
Liu, Z., Florez, G., Bridges, S.M.: A comparison of input representations in neural networks: a case study in intrusion detection. In: Proceedings of the 2002 International Joint Conference on Neural Networks, IJCNN 2002, May 12-17, vol. 2, pp. 1708–1713 (2002)
Liu, Z., Bridges, S.M., Vaughn, R.B.: Classification of anomalous traces of privileged and parallel programs by neural networks. In: The 12th IEEE International Conference on Fuzzy Systems, FUZZ 2003, May 25-28, vol. 2, pp. 1225–1230 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pan, W., Li, W. (2005). A Hybrid Neural Network Approach to the Classification of Novel Attacks for Intrusion Detection. In: Pan, Y., Chen, D., Guo, M., Cao, J., Dongarra, J. (eds) Parallel and Distributed Processing and Applications. ISPA 2005. Lecture Notes in Computer Science, vol 3758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11576235_58
Download citation
DOI: https://doi.org/10.1007/11576235_58
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29769-7
Online ISBN: 978-3-540-32100-2
eBook Packages: Computer ScienceComputer Science (R0)