Intrusion Detection in Computer Networks with Neural and Fuzzy Classifiers

  • Conference paper
Artificial Neural Networks and Neural Information Processing — ICANN/ICONIP 2003 (ICANN 2003, ICONIP 2003)

Abstract

With the rapidly increasing impact of the Internet, the development of appropriate intrusion detection systems (IDS) gains more and more importance. This article presents a performance comparison of four neural and fuzzy paradigms (multilayer perceptrons, radial basis function networks, NEFCLASS systems, and classifying fuzzy-k-means) applied to misuse detection on the basis of TCP and IP header information. As an example, four different attacks (Nmap, Portsweep, Dict, Back) will be detected utilising evaluation data provided by the Defense Advanced Research Projects Agency (DARPA). The best overall classification results (99.42%) can be achieved with radial basis function networks, which model hyperspherical clusters in the feature space.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hofmann, A., Schmitz, C., Sick, B. (2003). Intrusion Detection in Computer Networks with Neural and Fuzzy Classifiers. In: Kaynak, O., Alpaydin, E., Oja, E., Xu, L. (eds) Artificial Neural Networks and Neural Information Processing — ICANN/ICONIP 2003. ICANN ICONIP 2003 2003. Lecture Notes in Computer Science, vol 2714. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44989-2_38

  • DOI: https://doi.org/10.1007/3-540-44989-2_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40408-8

  • Online ISBN: 978-3-540-44989-8

  • eBook Packages: Springer Book Archive
