POLVO-IIDS: An Intelligent Anomaly-Based Intrusion Detection System
Abstract
Intrusion detection systems (IDS) identify attacks and threats to computer systems. An IDS can also perform further functions, such as intrusion prevention (IPS), including proactive measures. A recurring problem in intrusion detection is distinguishing legitimate access from attacks. Many conventional systems are signature based and therefore identify neither variations of known attacks nor new attacks. This paper presents an intrusion detection system model based on the behavior of network traffic, through the analysis and classification of messages. Two artificial intelligence techniques, the support vector machine (SVM) and the Kohonen neural network (KNN), are applied to detect anomalies. These techniques are used in sequence to improve the system's accuracy, identifying both known attacks and new attacks in real time.
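The two-stage pipeline the abstract describes (a supervised SVM that recognises known attacks, followed by a Kohonen map that flags traffic the SVM passed as normal but that sits far from the learned normal behaviour) can be illustrated in pure Python. The code below is an added example and is not POLVO-IIDS's own implementation; it assumes constructed two-feature message vectors, a linear SVM trained with the Pegasos sub-gradient method (the paper does not state its kernel or solver), a 3x3 self-organising map, and an anomaly threshold of 1.5 times the largest training quantisation error, all of which are choices made here for the demonstration.

```python
import math
import random

# Constructed toy feature vectors: two normalised features per message
# (think payload length and fraction of non-printable bytes). Not real traffic.
def make_points(rng, centre, n, jitter=0.1):
    cx, cy = centre
    return [(cx + rng.uniform(-jitter, jitter), cy + rng.uniform(-jitter, jitter))
            for _ in range(n)]

def build_dataset(seed=1):
    rng = random.Random(seed)
    normal = make_points(rng, (0.2, 0.2), 40)   # benign traffic
    known = make_points(rng, (0.8, 0.8), 40)    # attacks with labelled examples
    return normal, known

# Stage 1: linear SVM trained by Pegasos (assumed solver; no scikit-learn needed).
# Labels: +1 = known attack, -1 = normal. The bias is folded in as a third weight.
def train_svm(xs, ys, lam=0.01, epochs=5000, seed=2):
    rng = random.Random(seed)
    w = [0.0, 0.0, 0.0]
    for t in range(1, epochs + 1):
        i = rng.randrange(len(xs))
        x = (xs[i][0], xs[i][1], 1.0)
        eta = 1.0 / (lam * t)
        margin = ys[i] * sum(wi * xi for wi, xi in zip(w, x))
        w = [(1 - eta * lam) * wi for wi in w]          # regularisation shrink
        if margin < 1:                                  # hinge-loss sub-gradient step
            w = [wi + eta * ys[i] * xi for wi, xi in zip(w, x)]
    return w

def svm_predict(w, p):
    score = w[0] * p[0] + w[1] * p[1] + w[2]
    return "attack" if score > 0 else "normal"

# Stage 2: minimal 2-D Kohonen map trained only on normal traffic. A message whose
# distance to its best-matching unit (quantisation error) is unusually large is
# treated as a novel anomaly that the signature-like stage could not know about.
class KohonenMap:
    def __init__(self, rows, cols, samples, seed=3):
        rng = random.Random(seed)
        self.rows, self.cols = rows, cols
        # initialise every neuron on a random training sample (keeps codebook in range)
        self.w = [[list(rng.choice(samples)) for _ in range(cols)] for _ in range(rows)]

    @staticmethod
    def _dist(a, b):
        return math.sqrt(sum((ai - bi) ** 2 for ai, bi in zip(a, b)))

    def bmu(self, x):
        best, best_d = None, float("inf")
        for r in range(self.rows):
            for c in range(self.cols):
                d = self._dist(self.w[r][c], x)
                if d < best_d:
                    best, best_d = (r, c), d
        return best, best_d

    def train(self, samples, epochs=100, lr0=0.5, sigma0=1.5, seed=4):
        rng = random.Random(seed)
        order = list(samples)
        for e in range(epochs):
            frac = e / epochs
            lr = lr0 * (1 - frac)                       # decaying learning rate
            sigma = max(sigma0 * (1 - frac), 0.3)       # shrinking neighbourhood radius
            rng.shuffle(order)
            for x in order:
                (br, bc), _ = self.bmu(x)
                for r in range(self.rows):
                    for c in range(self.cols):
                        grid_d2 = (r - br) ** 2 + (c - bc) ** 2
                        h = math.exp(-grid_d2 / (2 * sigma * sigma))
                        node = self.w[r][c]
                        for k in range(len(node)):
                            node[k] += lr * h * (x[k] - node[k])

    def quantization_error(self, x):
        return self.bmu(x)[1]

class TwoStageDetector:
    def __init__(self, normal, known):
        xs = normal + known
        ys = [-1] * len(normal) + [1] * len(known)
        self.w = train_svm(xs, ys)
        self.som = KohonenMap(3, 3, normal)
        self.som.train(normal)
        qes = [self.som.quantization_error(p) for p in normal]
        self.threshold = 1.5 * max(qes)   # heuristic cut-off assumed for this demo

    def classify(self, p):
        if svm_predict(self.w, p) == "attack":
            return "known attack"                       # stage 1 recognised it
        if self.som.quantization_error(p) > self.threshold:
            return "novel anomaly"                      # stage 2 caught what stage 1 missed
        return "normal"

def run_demo():
    normal, known = build_dataset()
    det = TwoStageDetector(normal, known)
    return {
        "normal": det.classify((0.25, 0.15)),   # inside the benign cluster
        "known": det.classify((0.75, 0.85)),    # resembles labelled attacks
        "novel": det.classify((0.05, 0.5)),     # unseen pattern, not like known attacks
    }

if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The point of the ordering is visible in the third verdict: the novel message is on the SVM's "normal" side of the boundary because it resembles no labelled attack, and only the map trained on benign behaviour notices that it is far from anything seen before. In a real deployment the feature extraction, the threshold and the retraining cadence of the map are the parts that decide the false-positive rate.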
