Machine Learning for Net Flow Based Anomaly Intrusion Detection System Using Neural Network Stages
Keywords:
Intrusion Detection system, Anomaly Detection System, Neural network
Abstract
Computer systems and networks suffer from a rapid increase in attacks, and in order to keep them safe from malicious activities or policy violations, there is a need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area, using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection is one of these approaches; it relies on aggregated flow statistics of network traffic. Its main advantages are host independence and usability on high-speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could indicate a potential attack, while the second stage determines whether a known attack is present and, in that case, classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective of comparing performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability
License
Copyright (c) 2023 S Swarna Keerthi, Konampeta Sai Srija, Peddigari Sai Pavan, Karre Prakash
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.