Applying Artificial Intelligence Methods to Network Attack Detection

  • Alexander Branitskiy
  • Igor KotenkoEmail author
Part of the Intelligent Systems Reference Library book series (ISRL, volume 151)


This chapter reveals the methods of artificial intelligence and their application for detecting network attacks. Particular attention is paid to the representation of models based on neural, fuzzy, and evolutionary computations. The main object is a binary classifier, which is designed to match each input object to one of two sets of classes. Various schemes for combining binary classifiers are considered, which allows building models trained on different subsamples. Several optimizing techniques are proposed, both in terms of parallelization (for increasing the speed of training) and usage of aggregating compositions (for enhancing the classification accuracy). Principal component analysis is also considered, which is aimed at reducing the dimensionality of the analyzed attack feature vectors. A sliding window method was developed and adopted to decrease the number of false positives. Finally, the model efficiency indicators obtained during the experiments using the multifold cross-validation are provided.


Detect Network Attacks Aggregate Composition Neuro-fuzzy Network Incorrect Classification Rate Normal Behavior Patterns 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This research was supported by the Russian Science Foundation under grant number 18-11-00302.


  1. 1.
    Branitskiy A, Kotenko I (2016) Analysis and classification of methods for network attack detection. In: SPIIRAS Proceedings, vol 45(2), pp 207–244. (in Russian)CrossRefGoogle Scholar
  2. 2.
    Branitskiy A, Kotenko I (2015) Network attack detection based on combination of neural, immune and neuro-fuzzy classifiers. In: Plessl C, Baz DE, Cong G, Cardoso JMP, Veiga L, Rauber T (eds) Proceedings of the 18th IEEE International Conference on Computational Science and Engineering, IEEE Computer Society, Los Alamitos, CA, USA, pp 152–159.
  3. 3.
    Branitskiy A, Kotenko I (2017) Hybridization of computational intelligence methods for attack detection in computer networks. J Comput Sci 23:145–156. Scholar
  4. 4.
    Branitskiy A, Kotenko I (2017) Network anomaly detection based on an ensemble of adaptive binary classifiers. Computer Network Security. In: Rak J, Bay J, Kotenko I, Popyack L, Skormin V, Szczypiorski K (eds) Computer network security, pp 143–157. Springer, Cham. Scholar
  5. 5.
    Abraham A, Thomas J (2006) Distributed intrusion detection systems: a computational intelligence approach. In: Abbass HA, Essam D (eds) Applications of information systems to homeland security and defense. Idea Group, Hershey, PA, USA, pp 107–137.
  6. 6.
    Peddabachigari S, Abraham A, Grosan C, Thomas J (2007) Modeling intrusion detection system using hybrid intelligent systems. J Netw Comput Appl 30(1):114–132. Scholar
  7. 7.
    Mukkamala S, Sung AH, Abraham A (2003) Intrusion detection using ensemble of soft computing paradigms. In: Abraham A, Franke K, Köppen M (eds) Intelligent systems design and applications. Springer, Heidelberg, pp 239–248. Scholar
  8. 8.
    Mukkamala S, Sung AH, Abraham A (2005) Intrusion detection using an ensemble of intelligent paradigms. J Netw Comput Appl 28(2):167–182. Scholar
  9. 9.
    Toosi AN, Kahani M (2007) A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers. Comput Commun 30(10):2201–2212. Scholar
  10. 10.
    Amini M, Rezaeenour J, Hadavandi E (2014) Effective intrusion detection with a neural network ensemble using fuzzy clustering and stacking combination method. J Comput Sec 1(4):293–305Google Scholar
  11. 11.
    Wang G, Hao J, Ma J, Huang L (2010) A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst Appl 37(9):6225–6232. Scholar
  12. 12.
    Chandrasekhar AM, Raghuveer K (2013) Intrusion detection technique by using k-means, fuzzy neural network and SVM classifiers. In: Proceedings of the 2013 International Conference on Computer Communication and Informatics. Curran Associates, Red Hook, NY, USA.
  13. 13.
    Saied A, Overill RE, Radzik T (2016) Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172:385–393. Scholar
  14. 14.
    Agarwal B, Mittal N (2012) Hybrid approach for detection of anomaly network traffic using data mining techniques. Proc Tech 6:996–1003. Scholar
  15. 15.
    He H-T, Luo X-N, Liu B-L (2005) Detecting anomalous network traffic with combined fuzzy-based approaches. In: Huang D-S, Zhang X-P, Huang G-B (eds) Advances in intelligent computing. Springer, Heidelberg, pp. 433–442. Scholar
  16. 16.
    Kolmogorov AN (1957) On the representation of continuous functions of several variables as superpositions of continuous functions of one variable and addition. In: Tikhomirov VM (ed) Selected works of A. N. Kolmogorov, pp. 383–387. Scholar
  17. 17.
    Cybenko G (1989) Approximation by superpositions of a sigmoidal function. Math Control Signal 2(4):303–314. Scholar
  18. 18.
    Hornik K, Stinchcombe M, White H (1989) Multilayer feedforward networks are universal approximators. Neural Netw 2(5):359–366. Scholar
  19. 19.
    Funahashi K-I (1989) On the approximate realization of continuous mappings by neural networks. Neural Netw 2(3):183–192. Scholar
  20. 20.
    Haykin SS (2011) Neural networks and learning machines, 3rd edn. Pearson, Upper Saddle River, NJ, USAGoogle Scholar
  21. 21.
    Riedmiller M, Braun H (1993) A direct adaptive method for faster backpropagation learning: the RPROP algorithm. In: Proceedings of IEEE International Conference on Neural Networks, vol 1. IEEE, New York, pp 586–591.
  22. 22.
    Fahlman SE (1988) Faster-learning variations on back-propagation: an empirical study. In: Proceedings of the 1988 connectionist models summer school. Morgan Kaufmann, San Francisco, pp 38–51Google Scholar
  23. 23.
    Levenberg K (1944) A method for the solution of certain non-linear problems in least squares. Q Appl Math 2(2):164–168. Scholar
  24. 24.
    Marquardt DW (1963) An algorithm for least-squares estimation of nonlinear parameters. J Soc Ind Appl Math 11(2):431–441. Scholar
  25. 25.
    Jordan ML (1986) Attractor dynamics and parallelism in a connectionist sequential machine. In: Proceedings of the eighth annual conference of the cognitive science society. Lawrence Erlbaum Associates, Hillsdale, NJ, USA, pp 531–546Google Scholar
  26. 26.
    Takagi T, Sugeno M (1985) Fuzzy identification of systems and its applications to modeling and control. IEEE T Syst Man Cyb SMC-15(1):116–132. Scholar
  27. 27.
    Jang J-SR (1993) ANFIS: adaptive-network-based fuzzy inference system. IEEE T Syst Man Cyb 23(3):665–685. Scholar
  28. 28.
    Strang G (2016) Introduction to linear algebra, 5th edn. Cambridge Press, Wellesley, MA, USAzbMATHGoogle Scholar
  29. 29.
    Vapnik V (1995) The nature of statistical learning theory. Springer-Verlag, New York. Scholar
  30. 30.
    Hsu CW, Lin CJ (2002) A comparison of methods for multiclass support vector machines. IEEE T Neural Networ 13(2):415–425. Scholar
  31. 31.
    Drucker H, Burges CJC, Kaufman L, Smola A, Vapnik V (1997) Support vector regression machines. Advances in neural information processing systems 9. MIT Press, Cambridge, MA, USA, pp 155–161Google Scholar
  32. 32.
    Müller KR, Smola AJ, Rätsch G, Schölkopf B, Kohlmorgen J, Vapnik V (1997) Predicting time series with support vector machines. In: Gerstner W, Germond A, Hasler M, Nicoud J-D (eds) Artificial neural networks – ICANN’97, pp 999–1004. Scholar
  33. 33.
    Kuhn HW, Tucker AW (1951) Nonlinear programming. In: Neyman J (ed) Proceedings of 2nd Berkeley Symposium on Mathematical Statistics and Probabilistics. University of California Press, Berkeley, CA, USA, pp 481–492Google Scholar
  34. 34.
    Platt J (1998) Sequential minimal optimization: a fast algorithm for training support vector machines (1998).
  35. 35.
    Shawe-Taylor J, Cristianini N (2004) Kernel methods for pattern analysis. Cambridge University Press, New YorkCrossRefGoogle Scholar
  36. 36.
    Jolliffe IT (2011) Principal component analysis. In: Lovric M (ed) International encyclopedia of statistical science. Springer, Heidelberg. Scholar
  37. 37.
    Fix E, Hodges J (1951) Discriminatory analysis. Nonparametric discrimination: consistency properties. Technical Report 4, USAF School of Aviation Medicine, Randolph Field, TX, USAGoogle Scholar
  38. 38.
    McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory. ACM T Inform Syst Se 3(4):262–294. Scholar
  39. 39.
    Mahoney MV, Chan PK (2003) An analysis of the 1999 DARPA/Lincoln Laboratory evaluation data for network anomaly detection. In: Vigna G, Kruegel C, Jonsson E (eds) Recent advances in intrusion detection. Springer, Heidelberg, pp 220–237. Scholar
  40. 40.
    Refaeilzadeh P, Tang L, Liu H (2009) Cross-validation. In: Liu L, Özsu MT (eds) Encyclopedia of database systems. Springer, Boston, MA, USA. Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.St. Petersburg Institute for Informatics and Automation of the Russian Academy of SciencesSt. PetersburgRussia

Personalised recommendations