Abstract
We present a hybrid system that combines a Neural Network with a rule-based matching component to detect network-initiated intrusion attacks on web servers. The system has a strong learning component that allows it to recognize even novel attacks (i.e. attacks it has never seen before) and categorize them as such. The Neural Network alone performs well, with success rates of more than 78% in recognizing new attacks. However, because of an alarmingly high false alarm rate of more than 90% on normal HTTP traffic carrying image uploads, we combined the original ANN with a rule-based component that monitors the server's system calls for unusual activity. A final component combines the outputs of the two to decide whether or not to raise an intrusion alarm. We report the results of our approach and future directions for this research.
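The following is an added illustration, not code from the paper, of the architecture the abstract describes: a network-side classifier whose output is too noisy to page on by itself, corroborated by a rule-based monitor of the server's system calls, with a final combiner deciding whether an alarm is raised. Everything specific here is an assumption made for the example: the network classifier appears only as a score in [0, 1], the system-call rules are fixed-length n-grams learned from normal traces (in the style of sequence-based host monitoring rather than the paper's own rule set), the decision thresholds are arbitrary, and all traces and scores are constructed.

```python
# Added example: not the paper's code. It illustrates the hybrid architecture
# from the abstract with assumed, simplified components: the network
# classifier appears only as a score in [0, 1], the system-call rules are
# fixed-length n-grams learned from normal traces, and the combiner's
# decision rule is this example's own choice. All traces and scores below
# are constructed for the illustration.
from typing import Dict, Iterable, List, Set, Tuple

NGRAM = 3  # assumed window length for system-call rules

# Constructed "normal" traces of a web server handling requests, including an
# image upload (the traffic class on which the abstract reports false alarms).
NORMAL_TRACES: List[List[str]] = [
    ["accept", "read", "open", "fstat", "read", "write", "close"],                    # static page
    ["accept", "read", "read", "open", "write", "write", "close", "write", "close"],  # image upload
    ["accept", "read", "stat", "open", "read", "write", "close", "close"],            # file served, socket closed
]


def build_profile(traces: Iterable[List[str]], n: int = NGRAM) -> Set[Tuple[str, ...]]:
    """Learn the allowed system-call n-grams from normal traces.

    Every n-gram seen in normal operation becomes one matching rule; a window
    that appears in no rule is treated as a violation."""
    profile: Set[Tuple[str, ...]] = set()
    for trace in traces:
        for i in range(len(trace) - n + 1):
            profile.add(tuple(trace[i:i + n]))
    return profile


PROFILE = build_profile(NORMAL_TRACES)


def syscall_mismatch_rate(trace: List[str], profile: Set[Tuple[str, ...]] = PROFILE,
                          n: int = NGRAM) -> float:
    """Fraction of the trace's n-gram windows that match no learned rule."""
    windows = [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    if not windows:
        return 0.0
    misses = sum(1 for w in windows if w not in profile)
    return misses / len(windows)


def decide(net_score: float, mismatch: float,
           net_threshold: float = 0.5,
           sys_alarm: float = 0.25, sys_corroborate: float = 0.10) -> str:
    """Combiner (assumed rule, not the paper's): host-side evidence decides.

    - Strong system-call anomaly -> ALARM even if the network classifier
      missed the request (covers attacks the network model has never seen).
    - Network alarm with a mild system-call anomaly -> ALARM (sources agree).
    - Network alarm with perfectly normal system calls -> SUSPECT: logged,
      not paged. This is the path that absorbs false alarms on uploads.
    - Otherwise -> NORMAL."""
    if mismatch >= sys_alarm:
        return "ALARM"
    if net_score >= net_threshold and mismatch >= sys_corroborate:
        return "ALARM"
    if net_score >= net_threshold:
        return "SUSPECT"
    return "NORMAL"


# Constructed requests: (label, assumed network-classifier score, system-call trace).
REQUESTS = [
    ("upload_false_alarm", 0.95,
     ["accept", "read", "read", "open", "write", "write", "close"]),
    ("shell_spawn_seen_by_ann", 0.80,
     ["accept", "read", "read", "execve", "dup2", "dup2", "socket", "connect"]),
    ("shell_spawn_missed_by_ann", 0.10,
     ["accept", "read", "read", "execve", "dup2", "dup2", "socket", "connect"]),
    ("static_page", 0.10,
     ["accept", "read", "open", "fstat", "read", "write", "close"]),
]


def run_example() -> Dict[str, str]:
    """Run every constructed request through the combiner; return label -> decision."""
    return {label: decide(score, syscall_mismatch_rate(trace))
            for label, score, trace in REQUESTS}


if __name__ == "__main__":
    for label, verdict in run_example().items():
        print(f"{label:28s} {verdict}")
```

The point to take from the combiner is that the two evidence sources fail differently: the network classifier misfires on benign upload bodies, while a system-call profile learned from the same upload handler sees nothing unusual, so the combined verdict is "suspect, logged" rather than a page. Conversely, a request the network model scores as benign still raises an alarm when the handler suddenly executes a shell and opens a socket, which is the case a host-side rule component is there to catch.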
Copyright information
© 2006 International Federation for Information Processing
Cite this paper
Koutsoutos, S., Christou, I.T., Efremidis, S. (2006). An Intrusion Detection System for Network-Initiated Attacks Using a Hybrid Neural Network. In: Maglogiannis, I., Karpouzis, K., Bramer, M. (eds) Artificial Intelligence Applications and Innovations. AIAI 2006. IFIP International Federation for Information Processing, vol 204. Springer, Boston, MA . https://doi.org/10.1007/0-387-34224-9_27
DOI: https://doi.org/10.1007/0-387-34224-9_27
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-34223-8
Online ISBN: 978-0-387-34224-5