
A hybrid artificial immune system and Self Organising Map for network intrusion detection

Published: 01 August 2008

Abstract

Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.

Information & Contributors

Information

Published In

Information Sciences: an International Journal  Volume 178, Issue 15
August, 2008
178 pages

Publisher

Elsevier Science Inc.

United States

Author Tags

  1. Anomaly detection
  2. Artificial immune system
  3. Genetic algorithm
  4. Intrusion detection
  5. Negative selection
  6. Self Organizing Map

Qualifiers

  • Article
