
Applying Artificial Intelligence Methods to Network Attack Detection

AI in Cybersecurity

Part of the book series: Intelligent Systems Reference Library ((ISRL,volume 151))

Abstract

This chapter presents artificial intelligence methods and their application to detecting network attacks. Particular attention is paid to models based on neural, fuzzy, and evolutionary computation. The main building block is a binary classifier, which assigns each input object to one of two classes. Various schemes for combining binary classifiers are considered, which allow building models trained on different subsamples. Several optimization techniques are proposed, both in terms of parallelization (to increase training speed) and the use of aggregating compositions (to improve classification accuracy). Principal component analysis is also considered, aimed at reducing the dimensionality of the analyzed attack feature vectors. A sliding window method was developed and applied to decrease the number of false positives. Finally, the model efficiency indicators obtained in experiments using multifold cross-validation are provided.


Notes

  1. A hidden layer is a layer between the input and output layers whose output is the input of another layer. Neural networks with more than one hidden layer are called deep neural networks, and machine learning with such networks is called deep learning.

  2. The first hidden layer is intended to perform sequential operations of linear and nonlinear transformations.

  3. Backpropagation is a method for calculating the gradient needed in weight updates.

  4. In machine learning, a feature space is a vector space associated with feature vectors, i.e., n-dimensional vectors of numerical features that represent objects.

  5. Transmission Control Protocol.

  6. User Datagram Protocol.

  7. Internet Control Message Protocol.

  8. Internet Protocol.

  9. For the sake of simplicity, some details related to the training of classifiers F and \(F^{(1)},\ldots ,F^{(P)}\) on various subsamples are omitted here.

  10. https://www.ll.mit.edu/ideval/data/1998data.html


Acknowledgements

This research was supported by the Russian Science Foundation under grant number 18-11-00302.

Corresponding author

Correspondence to Igor Kotenko.


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this chapter

Branitskiy, A., Kotenko, I. (2019). Applying Artificial Intelligence Methods to Network Attack Detection. In: Sikos, L. (ed) AI in Cybersecurity. Intelligent Systems Reference Library, vol 151. Springer, Cham. https://doi.org/10.1007/978-3-319-98842-9_5
