Abstract
With the rapidly increasing impact of the Internet, the development of appropriate intrusion detection systems (IDS) gains more and more importance. This article presents a performance comparison of four neural and fuzzy paradigms (multilayer perceptrons, radial basis function networks, NEFCLASS systems, and classifying fuzzy-k-means) applied to misuse detection on the basis of TCP and IP header information. As an example, four different attacks (Nmap, Portsweep, Dict, Back) will be detected utilising evaluation data provided by the Defense Advanced Research Projects Agency (DARPA). The best overall classification results (99.42%) can be achieved with radial basis function networks, which model hyperspherical clusters in the feature space.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hofmann, A., Schmitz, C., Sick, B. (2003). Intrusion Detection in Computer Networks with Neural and Fuzzy Classifiers. In: Kaynak, O., Alpaydin, E., Oja, E., Xu, L. (eds) Artificial Neural Networks and Neural Information Processing — ICANN/ICONIP 2003. ICANN ICONIP 2003 2003. Lecture Notes in Computer Science, vol 2714. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44989-2_38
DOI: https://doi.org/10.1007/3-540-44989-2_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40408-8
Online ISBN: 978-3-540-44989-8
eBook Packages: Springer Book Archive