Skip to main content

Advertisement

SpringerLink
Log in

A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system

  • Published:
Soft Computing Aims and scope Submit manuscript

Abstract

Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originated inside the organizations are increasing steadily. Attacks made in this way, usually done by ``authorized'' users of the system, cannot be immediately traced. As the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. This paper presents a framework for a statistical anomaly prediction system using a neuro-genetic forecasting model, which predicts unauthorized invasions of user, based on previous observations and takes further action before intrusion occurs. In this paper, we propose an evolutionary time-series model for short-term database intrusion forecasting using genetic algorithm owing to its global search capability. The experimental results show that the combination strategy(neuro-genetic) can quicken the learning speed of the network and improve the predicting precision compared to the traditional artificial neural network. This paper also focuses on detecting significant changes of transaction intensity for intrusion prediction. The experimental study is performed using real time data provided by a major Corporate Bank. Furthermore, a comparative evaluation of the proposed neuro-genetic model with the traditional feed-forward network trained by the back-propagation with momentum and adaptive learning rate using sum square error on a prediction data set has been presented and a better prediction accuracy has been observed.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Adam N, Atluri V, Bertino E, Ferrari E (2002) A content-based authorization model for digital libraries. IEEE Trans Know Data Eng 14(2):269–315

    Google Scholar 

  2. Vijayalakshmi Atluri and Avigdor Gal (2002) An authorization model for temporal and derived data:securing information portals. ACM Trans Inf Syst Sec 5(1):62–94

    Google Scholar 

  3. Baum EB, Haussler D (1988) What size net gives valid generalization?. Neural Comput 1:151–160

    Google Scholar 

  4. Chandramouli R (2001) A framework for multiple authorization types in a healthcare application system. In: 17th annual computer security applications conference(ACSAC'01), December 10–14, New Orleans, Lousiana, pp 137–149

  5. Chung CY, Gertz M, Levitt K (1999) Misuse detection in database systems through user profiling. In: Web proceedings of the 2nd international workshop on the recent advances in intrusion detection(RAID'99), West Lafayette, Indiana

  6. Christina Yip Chung, Michael Gertz, Karl Levitt (1999) DEMIDS: A misuse detection system for database systems. In: The third annual IFIP TC-11 WG 11.5 working conference on integrity and internal control in information systems, Kluwer, Dordrecht, pp 159–178

  7. Frank HF, Leung HK, Lam SH, Ling, Peter KS Tam (2003) Tuning of the structure and parameters of a neural network using an improved genetic algorithm. IEEE Trans Neural Netw 14(1):79–88

  8. Gal A, Atluri V (2000) An authorization model for temporal data. In: Proceedings of the Seventh ACM Conference on Computer and Communication Security, Athens, Greece, pp 144–153

  9. Java Genetic Algorithms Package http://www.genetic-programming.org, Mar 2004

  10. Domingo A, Gundin, Celiano Garcia, Eduardo Gomez, Yannis A (2002) Dimitriadis, guillermo vega. Short-term load forecasting for industrial customers using fasart and fasback neuro-fuzzy systems. In: Proceedings of the 14th IEEE power systems computation Conference, Sevilla, Spain, June 24–28, pp 221–227

  11. Ioannis G Damousis, Minas C Alexiadis, John B Theocharis, Petros S Dokopoulos (2004) A fuzzy model for wind speed prediction and power generation in wind parks using spatial correlation. IEEE Trans Energy Conversion 19(2):352–361

  12. Java Programming Language http://www.java.sun.com, Mar 2005

  13. Jonatan Gomez, Dipankar Dasgupta (2001) Evolving fuzzy classifiers for intrusion detection. Proceedings of the 2002 IEEE workshop on information assurance, United States Military Academy, West Point, NY

  14. Jonatan Gomez, Dipankar Dasgupta, Olfa Nasraoui, Fabio Gonzalez (2002) Complete expression trees for evolving fuzzy classifiers systems with genetic algorithms and application to network intrusion detection. In: Proc of NAFIPS-FLINT Joint Conference, pp 469–474, New Orleans, LA

  15. Ling SH, Leung FHF, Lam HK, Lee YS, Tam PKS (2003) A novel GA-based neural network for short-term load forecasting. IEEE Trans Industrial Electronics 50(4):793–799

    Google Scholar 

  16. Ling SH, Leung FHF, Lam HK, Tam PKS (2002) Short-term daily load forecasting in an intelligent home with GA-based neural network. In: Proc 2002 Int Joint Conf Neural Networks (IJCNN 2002), World Congress on Computational Intelligence (WCCI 2002), Honolulu, Hawaii, May 12–17, pp 997–1001

  17. Lam HK, Ling SH, Leung FHF, Tam PKS (2001) Tuning of the structure and parameters of neural network using an improved genetic algorithm. In: Proc 27th Annual Conf of the IEEE Industrial Electronics Society (IECON 01), Denver, Colorado, 29 Nov 2, pp 25–30

  18. Michael CC, Anup Ghosh (2002) Simple, state-based approaches to program-based anomaly detection. ACM Trans Inf Syst Security 5(3):203–237

  19. Nong Ye, Syed Masum Emran, Qiang Chen, Sean Vilbert (2002) Multivariate statistical analysis of audit trails for host-based intrusion detection. In: IEEE Trans Computers 51(7):810–820

  20. Nong Ye, Sean Vilbert, Qiang Chen (2003) Computer intrusion detection through EWMA for autocorrelated and uncorrelated data. In: IEEE Trans Reliability 52(1):73–82

  21. Nong Ye, Qiang Chen, Connie M Borror (2004) EWMA Forecast of normal system activity for computer intrusion detection. IEEE Trans Reliability 53(4):557–566

  22. NIST/SEMATECH e-Handbook of statistical methods. http://www.itl.nist.gov/div898/handbook/eda/section3/qqplot.htm, Mar 2005

  23. http://download-west.oracle.com/docs

  24. Peng Liu (2001) DAIS: A real-time data attack isolation system for commercial database applications. In Proceedings of the 17th Annual Computer Security Applications Conference. IEEE Comput Soc pp 219–229

  25. Pikoulas J, Buchanan WJ, Manion M, Triantafyllopoulos K (2002) An intelligent agent intrusion system. In Proceedings of the 9th IEEE International Conference and Workshop on the Engineering of Computer Based Systems – ECBS. IEEE Comput Soc, Luden, Sweden, pp 94–102

  26. Pikoulas J, Buchanan WJ, Mannion M, Triantafyllopoulos K (2001) An agent-based Bayesian forecasting model for enhanced network security. In: Proceedings of the eighth annual IEEE international conference and workshop on the engineering of computer based systems-ECBS, IEEE Comput Soc, Los Alamitos, 17–20, pp 247–254

  27. Ramaswamy Chandramouli (2000) Application of XML tools for enterprise-wide RBAC implementation tasks. Proceedings of the fifth ACM workshop on Role-based access control, Berlin, Germany, July 26–27, 2000, pp 11–18

  28. Ramasubramanian P, Kannan A (2004) Intelligent multi-agent based back-propagation neural network forecasting model for database statistical anomaly prevention system proceedings of the international conference on IEEE ICISIP 2004 held on January 4–7, Chennai, India, p 108–p113

  29. Ramasubramanian P, Kannan A (2004) Intelligent multi-agent based database hybrid intrusion prevention system. In Proceedings of the Advances in Databases and Information Systems: 8th East European Conference (ADBIS 2004) held on September 22–25, Budapest, Hungary, Springer-Verlag, Lecture Notes in Artificial Intelligence, Vol 3255, pp 393–408

  30. Silvana Castano, Maria Grazia Fugini, Giancario Martella, Pierangela Samarati (1995) Database Security. Addison-Wesley

  31. Sin Yeung Lee, Wai Lup Low, Pei Yuen Wong (2002) Learning fingerprints for a database intrusion detection system. In Proceedings of the 7th European Symposium on Research in Computer Security, Zurich, Switzerland, pp 264–280

  32. Srinivas Mukkamala, Guadalupe Janoski, Andrew Sung (2002) Intrusion detection using neural networks and support vector machines. In Proceedings of IEEE IJCNN, pp 1702–1707

  33. Tatyana Ryutov, Clifford Neuman, Dongho Kim, Li Zhou (2003) Integrated access control and intrusion detection for web servers. IEEE Trans Parallel and Distributed Systems 14(9):841–850

  34. Triantafyllopoulos K, Pikoulas J (2002) Multivariate Bayesian regression applied to the problem of network security. J Forecasting 21:579–594

    Google Scholar 

  35. Java neural network simulator, Department of Computer Architecture, Wilhelm-Schickard-Institute For Computer Science, University Of Tübingen, http://www-ra.informatik.uni-tuebingen.de/downloads/JavaNNS

  36. Tysen Leckie, Alec Yasinsac (2004) Metadata for anomaly-based security protocol attack deduction. IEEE Trans Know and Data Engineering 16(9):1157–1168

    Google Scholar 

  37. Wai Lup Low, Joseph Lee, Peter Teoh (2002) DIDAFIT: Detecting intrusions in databases through fingerprinting transactions. In Proceedings of the 4th International Conference on Enterprise Information Systems, Ciudad Real, Spain, April 2–6, pp 121–128

  38. Wenke Lee, Salvatore J Stolfo (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Security 3(4):227–261

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Anna University, Chennai, 600 025, India

    P. Ramasubramanian & A. Kannan

Authors
  1. P. Ramasubramanian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. A. Kannan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to P. Ramasubramanian.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Ramasubramanian, P., Kannan, A. A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system. Soft Comput 10, 699–714 (2006). https://doi.org/10.1007/s00500-005-0513-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00500-005-0513-9

Keywords

Search

Navigation