More Web Proxy on the site http://driver.im/

Article

Network intrusion prevention by using hierarchical self-organizing maps and probability-based labeling

Authors:

Antonio F. Díaz,

Alberto PrietoAuthors Info & Claims

IWANN'11: Proceedings of the 11th international conference on Artificial neural networks conference on Advances in computational intelligence - Volume Part I

Pages 232 - 239

Published: 08 June 2011 Publication History

Abstract

Nowadays, the growth of the computer networks and the expansion of the Internet have made the security to be a critical issue. In fact, many proposals for Intrusion Detection/Prevention Systems (IDS/IPS) have been proposed. These proposals try to avoid that corrupt or anomalous traffic reaches the user application or the operating system. Nevertheless, most of the IDS/IPS proposals only distinguish between normal traffic and anomalous traffic that can be suspected to be a potential attack. In this paper, we present a IDS/IPS approach based on Growing Hierarchical Self-Organizing Maps (GHSOM) which can not only differentiate between normal and anomalous traffic but also identify different known attacks. The proposed system has been trained and tested using the well-known DARPA/NSL-KDD datasets and the results obtained are promising since we can detect over 99,4% of the normal traffic and over 99,2 % of attacker traffic. Moreover, the system can be trained on-line by using the probability labeling method presented on this paper.

References

[1]

Ghosh, J., Wanken, J., Charron, F.: Detecting anomalous and unknown intrusions against programs. In: Proceedings of the Annual Computer Security Applications Conference (1998)

Digital Library

[2]

Hoffman, A., Schimitz, C., Sick, B.: Intrussion Detection in Computer networks with Neural and Fuzzy classifiers. In: Kaynak, O., Alpaydin, E., Oja, E., Xu, L. (eds.) ICANN 2003 and ICONIP 2003. LNCS, vol. 2714, Springer, Heidelberg (2003)

[3]

Lichodzijewski, P., Zincir-Heywood, N., Heywood, M.: Host Based Intrusion Detection Using Self-Organizing Maps. In: Proceedings of the IEEE International Joint Conference on Neural Networks (2002)

[4]

Zhang, C., Jiang, J., Kamel, M.: Intrusion Detection using hierarchical neural networks. Pattern Recognition Letters 26, 779-791 (2005)

Digital Library

[5]

Kohonen, T.: Self-Organizing Maps, 3rd edn. Springer, Heidelberg (2001)

Digital Library

[6]

Fisch, D., Hofmann, A., Sick, B.: On the versatility of radial basis function neural networks: A case study in the field of intrusion detection. Inf. Sci. 180(12), 2421-2439 (2010)

Digital Library

[7]

Rauber, A., Merkl, D., Dittenbach, M.: The Growing Hierarchical Self-Organizing Map: Explorarory Analysis of High-Dimensional Data. IEEE Transactions on Neural Network 13(6) (2002)

Digital Library

[8]

Oh, H., Doh, I., Chae, K.: Attack Classification based on data mining technique and its application for reliable medical sensor communication. International Journal Of Science and Applications 6(3), 20-32 (2009)

[9]

The NSL-KDD dataset, http://iscx.ca/NSL-KDD/

[10]

Lakhina, S., Joseph, S., Verma, B.: Feature Reduction using Principal Component Analysis for Effective Anomaly-Based Intrusion Detection on NSL-KDD. International Journal on Engineering Science and Technology 2(6), 1790-1799 (2010)

[11]

Datti, R., Verma, B.: Feature Reduction for Intrusion Detection Using Linear Discriminant Analysis. International Journal on Engineering Science and Technology 2(4), 1072-1078 (2010)

[12]

Zargar, G.R., Kabiri, P.: Selection of Effective Network Parameters in Attacks for Intrussion Detection. In: IEEE International Conference on Data Mining (2010)

Digital Library

[13]

Mukkamala, S., Sung, A.H.: Feature Ranking and Selection for Intrusion Detection Systems Using Support Vector Machines. In: Proceedings of the Second Digital Forensic Research Workshop (2002)

[14]

Palomo, E.J., Domínguez, E., Luque, R.M., Muñoz, J.: Network security using growing hierarchical self-organizing maps. In: Kolehmainen, M., Toivanen, P., Beliczynski, B. (eds.) ICANNGA 2009. LNCS, vol. 5495, pp. 130-139. Springer, Heidelberg (2009)

Digital Library

[15]

Datti, R., Verma, B.: Feature Reduction for Intrusion Detection Using Linear Discriminant Analysis. International Journal on Engineering Science and Technology 2(4), 1072-1078 (2010)

[16]

Zargar, G.R., Kabiri, P.: Selection of Effective Network Parameters in Attacks for Intrussion Detection. In: IEEE International Conference on Data Mining (2010)

Digital Library

[17]

Mukkamala, S., Sung, A.H.: Feature Ranking and Selection for Intrusion Detection Systems Using Support Vector Machines. In: Proceedings of the Second Digital Forensic Research Workshop (2002)

[18]

Palomo, E.J., Domínguez, E., Luque, R.M., Muñoz, J.: Network Security Using Growing Hierarchical Self-Organizing Maps. In: Kolehmainen, M., Toivanen, P., Beliczynski, B. (eds.) ICANNGA 2009. LNCS, vol. 5495, pp. 130-139. Springer, Heidelberg (2009)

Digital Library

Network intrusion prevention by using hierarchical self-organizing maps and probability-based labeling
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Supervised learning
    2. Machine learning approaches

Recommendations

Intelligent IDS: Venus Fly-Trap Optimization with Honeypot Approach for Intrusion Detection and Prevention
Abstract
Intrusion Detection Systems and Intrusion Prevention Systems are used to detect and prevent attacks/malware from entering the network/system. Honeypot is a type of Intrusion Detection System which is used to find the intruder, study the intruder ...
Overview of intrusion detection and intrusion prevention
InfoSecCD '08: Proceedings of the 5th annual conference on Information security curriculum development

This report provides an overview of IPS systems. In the first section a comparison of IDS and IPS is made, where an IPS system is defined as an integration of IDS and a firewall. The second section describes what is needed to set up an IPS system. In ...
Dismantling intrusion prevention systems
SIGCOMM '12: Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication

This paper introduces a serious security problem that people believe has been fixed, but which is still very much existing and evolving, namely evasions. We describe how protocols can still be misused to fool network security devices, such as intrusion ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

IWANN'11: Proceedings of the 11th international conference on Artificial neural networks conference on Advances in computational intelligence - Volume Part I

June 2011

561 pages

ISBN:9783642215001

Editors:
Joan Cabestany
Departament d'Enginyeria Electrònica, Universitat Politècnica de Catalunya, Barcelona, Spain
,
Ignacio Rojas
Department of Computer Architecture and Computer Technology, University of Granada, Granada, Spain
,
Gonzalo Joya
Universidad de Mÿlaga, Departamento Tecnologia Electrónica, Mÿlaga, Spain

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 08 June 2011

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

View Options

View options

Media

Figures

Other

Tables

View Table of Contents