Abstract
This chapter describes artificial intelligence methods and their application to detecting network attacks. Particular attention is paid to the representation of models based on neural, fuzzy, and evolutionary computations. The main object of study is the binary classifier, which assigns each input object to one of two classes. Various schemes for combining binary classifiers are considered, which makes it possible to build models trained on different subsamples. Several optimization techniques are proposed, both in terms of parallelization (to increase the speed of training) and the use of aggregating compositions (to enhance classification accuracy). Principal component analysis is also considered, with the aim of reducing the dimensionality of the analyzed attack feature vectors. A sliding window method was developed and adopted to decrease the number of false positives. Finally, the model efficiency indicators obtained in experiments using multifold cross-validation are provided.
Notes
- 1.
A hidden layer is a layer located between the input and output layers, whose output serves as the input of another layer. Neural networks with more than one hidden layer are called deep neural networks, and machine learning with such networks is called deep learning.
- 2.
The first hidden layer is intended to perform sequential operations of linear and nonlinear transformations.
- 3.
Backpropagation is a method for calculating the gradient needed to update the weights.
- 4.
In machine learning, a feature space is a vector space associated with feature vectors, i.e., n-dimensional vectors of numerical features that represent objects.
- 5.
Transmission Control Protocol.
- 6.
User Datagram Protocol.
- 7.
Internet Control Message Protocol.
- 8.
Internet Protocol.
- 9.
For the sake of simplicity, some features related to the training of classifiers F and \(F^{(1)},\ldots ,F^{(P)}\) on various subsamples are omitted here.
- 10.
Acknowledgements
This research was supported by the Russian Science Foundation under grant number 18-11-00302.
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Branitskiy, A., Kotenko, I. (2019). Applying Artificial Intelligence Methods to Network Attack Detection. In: Sikos, L. (eds) AI in Cybersecurity. Intelligent Systems Reference Library, vol 151. Springer, Cham. https://doi.org/10.1007/978-3-319-98842-9_5
DOI: https://doi.org/10.1007/978-3-319-98842-9_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-98841-2
Online ISBN: 978-3-319-98842-9
eBook Packages: Intelligent Technologies and Robotics (R0)