Analysis of Neural Network Training and Cost Functions Impact on the Accuracy of IDS and SIEM Systems

  • Said El Hajji
  • Nabil Moukafih
  • Ghizlane Orhanou
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11445)

Abstract

Nowadays, companies are implementing security tools such as Intrusion Detection Systems (IDS) and Security Information and Event Management systems (SIEM) to deal with sophisticated computer attacks. These attacks evolve each year in terms of sophistication and complexity in order to steal or alter sensitive information. Machine learning techniques are used in order to provide pattern recognition and adaptation to IDS and SIEM systems. In this paper, we have proposed a model based on neural networks and support vector machines to analyze and identify network intrusions. We studied the impact of some important parameters in neural networks on the classification accuracy. We evaluated and compared 37 different feed-forward neural networks according to these parameters and chose the best training algorithm for our model using the NSL-KDD dataset. Our results suggest that the choice of the appropriate performance function and training algorithm may be critical to achieving higher classification accuracy.

Keywords

Neural networks, Classification, Intrusion detection, SIEM, SVM

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Said El Hajji (1)
  • Nabil Moukafih (1)
  • Ghizlane Orhanou (1)

  1. Laboratory of Mathematics, Computing and Applications - Information Security, Faculty of Sciences, Mohammed V University in Rabat, Rabat, Morocco
