Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 33122
An Approach for Reducing the Computational Complexity of LAMSTAR Intrusion Detection System using Principal Component Analysis
Authors: V. Venkatachalam, S. Selvan
Abstract:
The security of computer networks plays a strategic role in modern computer systems. Intrusion Detection Systems (IDS) act as the 'second line of defense' placed inside a protected network, looking for known or potential threats in network traffic and/or audit data recorded by hosts. We developed an Intrusion Detection System using LAMSTAR neural network to learn patterns of normal and intrusive activities, to classify observed system activities and compared the performance of LAMSTAR IDS with other classification techniques using 5 classes of KDDCup99 data. LAMSAR IDS gives better performance at the cost of high Computational complexity, Training time and Testing time, when compared to other classification techniques (Binary Tree classifier, RBF classifier, Gaussian Mixture classifier). we further reduced the Computational Complexity of LAMSTAR IDS by reducing the dimension of the data using principal component analysis which in turn reduces the training and testing time with almost the same performance.Keywords: Binary Tree Classifier, Gaussian Mixture, IntrusionDetection System, LAMSTAR, Radial Basis Function.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1055982
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1754References:
[1] A.K.Ghosh, A.Schwartzbard, "Study in Using Neural Networks for Anomaly and Misuse Detection", in Proc. 8th USENIX Security Symposium, pp 131-142, August 1999, Washington, D.C.
[2] Abirami Muralidharan, J.Patrick Rousche, "Decoding of auditory cortex signals with a LAMSTAR neural network", Neurological Research, Volume 27, pp. 4-10, January 2005.
[3] D.Graupe and H. Kordylewski, "A Large Memory Storage and Retrieval Neural Network for Adaptive Retrieval and Diagnosis", International Journal of Software Engineering and Knowledge Engineering, volume 8, pp.115-138, 1998.
[4] D.Graupe, "Principles of Artificial Neural Networks", pp. 191-222, World Scientific Publishing Co. Pte. Ltd., Singapore, 1997.
[5] H. Kordylewski, "A Large Memory Storage and Retrieval Neural Network for Medical and Engineering Diagnosis/Fault Detection", Doctor of Philosophy-s Thesis, University of Illinois at Chicago, TK- 99999-K629, 1998.
[6] D.Graupe and H. Kordylewski, "A large scale memory (LAMSTAR) neural network for medical diagnosis", in Proc. 19th Annual International Conference of the IEEE, Volume 3, Issue 30, Oct-2 Nov 1997 Page(s):1332 - 1335.
[7] S.K.Chang, D.Graupe, K.Hasegawa, H.Kordylewski, "An Active Multimedia Information System for Information Retrieval, Discovery and Fusion", International Journal of Software Engineering and Knowledge Engineering, volume 8, pp. 139-160, 1998.
[8] http://kdd.ics.uci.edu//databases/kddcup99/kddcup99.html
[9] Teuvo Kohonen , "The Self Organizing Map", in Proc. IEEE, Volume 78, No. 9, pp 1464 - 1480, September 1990.
[10] Srilatha Chebrolu, Ajith Abraham, Johnson P.Thomas, "Feature deduction and ensemble design of intrusion detection systems", Elsevier Journal of Computers & Security" Vol. 24/4, pp. 295-307, 2005.
[11] Itzhak Levin, KDD-99 Classifier Learning Contest LLSoft-s Results Overview, "SIGKDD Explorations. Copyright 2000 ACM SIGKDD", Vol. 1, Issue 2, pp. 67 -75, January 2000.
[12] www.ll.mit.edu/SST/lnknet/
[13] www-ra.informatik.uni-tuebingen.de/ software/ JavaNNS/ welcome_e. html.
[14] Dae-Ki Kang, "Learning Classifiers for Misuse and Anomaly Detection Using a Bag of System Calls Representation", in Proc. 6th IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 2005.
[15] D. Nguyen, A. Das, G. Memik, and A. Choudhary , "Reconfigurable Architecture for Network Intrusion Detection Using Principal Component Analysis" In Proc. ACM/SIGDA 14th international symposium on Field programmable gate arrays , pp. 235 - 235, 2006.
[16] M.-L. Shyu, S.-C. Chen, K. Sarinnapakorn, and L. Chang, "A novel anomaly detection scheme based on principal component classifier", In Proc. IEEE Foundations and New Directions of Data Mining Workshop, in conjunction with the Third IEEE International Conference on Data Mining (ICDM-03), pp 172-179, Nov. 2003.
[17] I. T. Jolliffe, "Principal Component Analysis", Springer Verlag, New York, NY, third edition, July 2002.
[18] Jing Gao, Haibin Cheng, Pang Ming Tan, "A Novel Framework for Incorporating Labeled Examples into Anomaly Detection", in Proc. of the Siam Conference on Data Mining, April 2006.
[19] Dima Novikov, Roman V. Yampolskiy, Leon Reznik, "Anomaly Detection Based Intrusion Detection" in Proc. of the Third IEEE International Conference on Information Technology: New Generations (ITNG'06), pp. 420-425, 2005.
[20] Richard Lippmann, "Passive Operating System Identification From TCP/IP Packet Headers" in Proc. of the Workshop on Data Mining for Computer Security (DMSEC), Lincoln Laboratory ,Massachusetts, 2003.
[21] Liberios Vokorokos, Anton Baley, Martin Chovenac, "Intrusion detection system using self organizing map", Acta Electrotechnica et Informatica , Vol. 6 No.1, pp.1-6, 2006.
[22] Chaker Katar, "Combining Multiple Techniques for Intrusion Detection", International Journal of Computer Science and Network Security, Vol. 6 No.2B, February 2006.