Abstract
This study describes an Intrusion Detection System (IDS) called MOVICAB-IDS (MObile VIsualization Connectionist Agent-Based IDS). The system is based on a dynamic multiagent architecture that combines case-based reasoning with an unsupervised neural projection model to visualize and analyze the flow of network traffic data. The formulation of the underlying Intrusion Detection framework is presented first. The described IDS extracts the most informative projections of a massive traffic data set and depicts them through a functional and mobile visualization interface. Through these visualization facilities, MOVICAB-IDS provides an overview of the network traffic and helps identify anomalous situations faced by computer networks, addressing the challenges posed by traffic volume and diversity. To demonstrate its performance, the described IDS has been tested in different domains containing several interesting attacks and anomalous situations.
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Herrero, Á., Corchado, E. (2009). Mining Network Traffic Data for Attacks through MOVICAB-IDS. In: Abraham, A., Hassanien, AE., de Carvalho, A.P.d.L.F. (eds) Foundations of Computational Intelligence Volume 4. Studies in Computational Intelligence, vol 204. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01088-0_16
DOI: https://doi.org/10.1007/978-3-642-01088-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01087-3
Online ISBN: 978-3-642-01088-0
eBook Packages: Engineering (R0)