Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 30184
Anomaly Detection using Neuro Fuzzy system

Authors: Fatemeh Amiri, Caro Lucas, Nasser Yazdani

Abstract:

As the network based technologies become omnipresent, demands to secure networks/systems against threat increase. One of the effective ways to achieve higher security is through the use of intrusion detection systems (IDS), which are a software tool to detect anomalous in the computer or network. In this paper, an IDS has been developed using an improved machine learning based algorithm, Locally Linear Neuro Fuzzy Model (LLNF) for classification whereas this model is originally used for system identification. A key technical challenge in IDS and LLNF learning is the curse of high dimensionality. Therefore a feature selection phase is proposed which is applicable to any IDS. While investigating the use of three feature selection algorithms, in this model, it is shown that adding feature selection phase reduces computational complexity of our model. Feature selection algorithms require the use of a feature goodness measure. The use of both a linear and a non-linear measure - linear correlation coefficient and mutual information- is investigated respectively

Keywords: anomaly Detection, feature selection, Locally Linear Neuro Fuzzy (LLNF), Mutual Information (MI), liner correlation coefficient.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1076396

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1767

References:


[1] S. Chebrolu, A. Abraham, P. Thomas, "Feature deduction and ensemble design of intrusion detection systems, " Computers & Security, vol .24, issue 4, (2005) pp.295-307.
[2] Y. Chena, A. Abrahama, B. Yanga, "Feature selection and classification using flexible neural tree," Journal of Neurocomputing 70 (2006) 305- 313
[3] S. B. Cho, "Incorporating soft computing techniques into a probabilistic intrusion detection system," IEEE Transactions on Systems, MAN, and Cybernetics part C: Applications and Reviews, vol. 32, pp. 154-160, May 2002.
[4] Battiti, R.: "Using Mutual Information for Selecting Features in Supervised Neural Net Learning," IEEE Transactions on Neural Networks. 5 (1994), p. 537-550
[5] T.F. Lunt, A. Tamaru, F. Gilham, R. Jagannathm, C. Jalali,P.G. Neumann, H.S. Javitz, A. Valdes, T.D. Garvey, "A Real-time Intrusion Detection Expert System (IDES)," Computer Science Laboratory, SRI International, Menlo Park, CA, USA, Final Technical Report, February 1992.
[6] L. Erto¨ z, E. Eilertson, A. Lazarevic, P.-N. Tan, V. Kumar, J. Srivastava, P. Dokas, "The MINDS - Minnesota intrusion detection system, in: Next Generation Data Mining," MIT Press, Boston, 2004.
[7] A. Lazarevic, L. Ertoz,, V. Kumar, A. Ozgur and J. Srivastava, "A comparative study of anomaly detection schemes in network intrusion detection, " in Proc. of Third SIAM Conference on Data Mining (May 2003).
[8] H. Debar, M. Becker and D. Siboni, "A neural network component for an intrusion detection system, " in Proc. of IEEE Computer Society Symposium on Research in Security and Privacy (Oakland, CA, May 1992) 240-250.
[9] M. Ramadas, S.O.B. Tjaden, "Detecting anomalous network traffic with self-organizing maps, " in Proc. the 6th International Symposium on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, 2003, pp. 36-54.
[10] M. Saniee Abadeh, J. Habibi, C. Lucas, "Intrusion detection using a fuzzy genetics-based learning algorithm, " Journal of Network and Computer Applications, Volume 30, Issue 1, January 2007, Pages 414- 428
[11] W.W. Cohen, "Fast effective rule induction," in Proc. of the 12th International Conference on Machine Learning, Tahoe City, CA, 1995, pp. 115-123.
[12] S. Mukkamalaa, A.H. Sunga, A. Abrahamb, "Intrusion detection using an ensemble of intelligent paradigms," Journal of Network and Computer Applications 28 (2005) 167-182.
[13] Z. Zhang, and H. Shen, "Application of online-training SVMs for realtime intrusion detection with different considerations," Computer Communications, vol. 28, issue 12, pp. 1428-1442, 2005.
[14] J.E. Dickerson, J.A. Dickerson, Fuzzy network profiling for intrusion detection, in: Proc. 19th International Conference of the North American Fuzzy Information Processing Society (NAFIPS), Atlanta, GA, 2000, pp. 301-306.
[15] A. Sung, S. Mukkamala, Identifying important features for intrusion detection using support vector machines and neural networks, " In: Proc. International Symposium on Applications and the Internet (SAINT 2003); 2003. p. 209e17.
[16] M. Rezaei Yousefi, M. Mirmomeni, A. Vahabie, C. Lucas, C: "Near Optimal Feature Selection Using Mutual Information for Classification Problems," In Proc. the International Joint Conference on Knowledge Management for Composite Materials (kcmc2007),
[17] F.Amiri, M. Rezaei Yousefi, C. Lucas, N.Yazdani, R.Rahmani, "Improved Feature Selection for Intrusion Detection System", unpublished.
[18] O.Nelles, NonLiner System Identification from classical Approches to Neural Networks and Fuzzy Models. New York, Springer-Verlag 2001, ch 13.
[19] http://www.esat.kuleuven.ac.be/sista/lssvmlab/ http://kdd.ics.uci.edu//databases/kddcup99/kddcup99. html
[20] S. Mukkamala, A. Sung, and A. Abraham, "Intrusion detection using ensemble of soft computing and hard computing paradigms, " Journal of Network and Computer Applications, Elsevier Science, vol. 28, issue 2, pp. 167-182, 2005