Intrusion detection systems (IDSs) are designed to distinguish between normal and intrusive activities. A critical part of IDS design depends on the selection of informative features and an appropriate machine learning technique. In this paper, we investigated the problem of IDS from these two perspectives and constructed a misuse-based neurotree classifier capable of detecting anomalies in networks. The major implications of this paper are: a) employing a weighted sum genetic feature extraction process, which provides better discrimination ability for detecting anomalies in network traffic; b) realizing the system as a rule-based model using an efficient ensemble machine learning technique, neurotree, which possesses better comprehensibility and generalization ability; c) utilizing an activation function which is targeted at minimizing the error rates in the learning algorithm. An extensive experimental evaluation on a database containing normal and anomaly traffic patterns shows that the proposed scheme with the selected features and the chosen classifier is a state-of-the-art IDS that outperforms previous IDS methods.
This paper presents a neural network (NN) approach to detect intrusions. Previous works used many KDD records to train NNs for detecting intrusions. Our objective here is to show that, in the case of the KDD data sets, we can obtain good results by training some NNs with a small data subset. To prove that, this study compares attack detection and classification using two training sets: a set of only 260 records and a set of 65536 records. The testing set is composed of 65536 records randomly chosen from the KDD testing set. Our study focused on two classification types of records: a single class (normal or attack), and a multi-class where the category of the attack is detected by the NN. Four different types of NNs were tested: Multi-Layer Perceptron (MLP), Modular, Jordan/Elman and Principal Component Analysis (PCA) NN. Two NN structures were used: the first contains only one hidden layer and the second contains ten hidden layers. Our simulations show that NNs trained on the small data subset (260 records) detect and classify attacks more efficiently than those trained on the second data subset.
The purpose of this study is to analyze the performance of some neural networks (NNs) when the entire KDD data set is used to train them, in order to classify and detect attacks. Five different types of NNs were tested: Multi-Layer Perceptron (MLP), Self Organization Feature Map (SOFM), Radial Basis Function/Generalized Regression/Probabilistic (RBF/GR/P), Jordan/Elman, and Recurrent NNs. The experimental study is done on the Knowledge Discovery and Data mining (KDD) data sets. We consider two levels of attack granularity, depending on whether we deal with four main categories or focus only on the normal/attack connection types. Our simulations show that our results are competitive with some other artificial intelligence or data mining intrusion detection systems.