Intelligent Network-Based Intrusion Detection System (iNIDS)

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 176)

Abstract

Networks are regarded as one of the biggest advancements in the field of computer science, but they also enable outsiders to “intrude” into our information. Intrusions can take the form of simple eavesdropping or of gaining access to the host itself. Here, intruders are identified using two main methods: signature analysis and anomaly analysis. In the proposed method, signature analysis is strengthened by anomaly analysis, which in turn uses some level of intelligence based on traffic parameters obtained and processed using neural networks. The initial intelligence is obtained using the KDDCUP99 dataset, which is used to train a neural network. The neural network then takes care of further detections and strengthens itself during the run. The results obtained suggest that even with minimal initial intelligence, iNIDS can reach accuracy levels of over 70%, and by increasing the initial set a little more, it reaches accuracy levels exceeding 80%.

Keywords

Intrusion detection; neural networks; intelligence; anomaly analysis; signature analysis; KDDCUP99; JpCap



Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. Department of Computer Science, Rajagiri School of Engineering & Technology, Cochin, India
