Development an Anomaly Network Intrusion Detection System Using Neural Network
Abstract
Most intrusion detection systems are signature-based and work much like anti-virus software, but they cannot detect zero-day attacks. The importance of anomaly-based IDS has risen because of its ability to deal with unknown attacks. However, smart attacks have appeared that compromise the detection ability of anomaly-based IDS. The proposed system is developed to overcome these weak points. It is a development of the well-known payload anomaly detector (PAYL). By combining two stages with the PAYL detector, it gives good detection ability and an acceptable false positive ratio. For a filtered, unencrypted HTTP subset of the DARPA 1999 data set, the proposed system improves the model recognition ability of the PAYL detector from 55.234% in the PAYL system alone to 99.94% in the proposed system, due to the neural network self-organizing map (SOM). In addition, SOM decreases the false positive ratio from 44.676% in the PAYL system alone to 5.176% in the proposed system. The proposed system provides 80% detection ability for smart worms that are meant to evade the PAYL detector in the PAYL system alone, due to the randomization stage in the proposed system.