Abstract
Nowadays, companies are implementing security tools such as Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems to deal with sophisticated computer attacks. These attacks grow in sophistication and complexity each year, with the aim of stealing or altering sensitive information. Machine learning techniques are used to give IDS and SIEM systems pattern recognition and adaptation capabilities. In this paper, we propose a model based on neural networks and support vector machines to analyze and identify network intrusions. We studied the impact of some important neural network parameters on classification accuracy. We evaluated and compared 37 different feed-forward neural networks according to these parameters and chose the best training algorithm for our model using the NSL-KDD dataset. Our results suggest that the choice of an appropriate performance function and training algorithm may be critical to achieving higher classification accuracy.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
El Hajji, S., Moukafih, N., Orhanou, G. (2019). Analysis of Neural Network Training and Cost Functions Impact on the Accuracy of IDS and SIEM Systems. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science, vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_25
DOI: https://doi.org/10.1007/978-3-030-16458-4_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16457-7
Online ISBN: 978-3-030-16458-4
eBook Packages: Computer Science (R0)