
A NOVEL ANOMALY-NETWORK INTRUSION DETECTION SYSTEM USING ABC ALGORITHMS


Abstract

Network Intrusion Detection Systems (NIDSs) are increasingly in demand
today as networked machines and Internet technologies spread rapidly.
As a result, many unauthorized activities by external and internal attackers
within organizations have needed to be detected in recent years. It is therefore
crucial that organizations have the capability to detect these unlawful
activities so that the integrity of organizational information can be protected.
In previous research, NIDSs have been approached with various machine learning
techniques. To our knowledge, this is the first time the Artificial Bee Colony
(ABC) algorithm has been applied to intrusion detection problems. In this paper,
a new network intrusion detection system based on the ABC search algorithm is
proposed and implemented. The performance of the proposed Anomaly-based NIDS
(A-NIDS) using the ABC algorithm (called A-NIDS-ABC for short) has been tested
using the KDD-99 datasets developed by MIT Lincoln Labs. We have also compared
the proposed A-NIDS-ABC with five other traditional classification algorithms.
The experimental results showed that the proposed method can outperform the five
other popular benchmark classifiers and is suitable for network intrusion
detection.

INTRODUCTION

Intrusion detection can be considered a pattern recognition problem: defining
the normal and abnormal patterns in TCP/IP connections. Machine learning
algorithms can therefore play an important role in it. To evaluate the
performance of different machine-learning-based methods for intrusion detection,
the 1998 DARPA Intrusion Detection Evaluation project was conducted by MIT
Lincoln Labs, which set up a LAN and logged normal and attack network traffic.
These records were reduced and processed by domain experts to yield the KDD Cup
99 dataset for competition [3]. This dataset is used later in our experiments to
measure the accuracy of the proposed Anomaly-based NIDS using the ABC algorithm
(A-NIDS-ABC).

Moreover, this paper aims to create a novel algorithm for detecting intrusion
data in network information using a pattern recognition approach with an anomaly
detection technique. For evaluation purposes, the A-NIDS-ABC is compared with
five other widely used classifiers, such as Naive Bayes [4], Support Vector
Machine (SVM) [5], Classification Tree [6], k-Nearest Neighbour (k-NN) [6],
C4.5 [7], Weka [8] and Orange software tools [9].

Background and Previous Works

Intrusion detection has been an active field of research for more than two
decades. In 1987, Dorothy Denning published a seminal paper, An Intrusion
Detection Model [10], in which she discussed various security concerns,
presented a definition of intrusion detection and discussed different types of
intrusion detection. Most contemporary computer security research is based on
the milestone established by Denning.

Intrusion detection is a component of detection processes. It tries to identify
whether or not a network is under attack. Intrusion detection systems are
classified first, by the location from which they collect data, as host
Intrusion Detection Systems (IDS) or NIDS; and second as signature-based IDS or
anomaly-based NIDS (A-NIDS).

Conclusions and Discussion.

The Network Intrusion Detection System (NIDS) has become a critical component of
an organization's security strategy. However, deployment of network-based
intrusion detection brings with it a number of potential pitfalls, which can
compromise security. An ideal network-based intrusion detection deployment must
provide 100% network intrusion coverage and ensure network availability. This
includes recognising potential threats or unauthorised activity. One way of
doing this is to use the anomaly network intrusion detection technique (A-NIDS).
A-NIDS is required as an additional wall for protecting systems; it is useful
not only for detecting successful intrusions but also for providing important
information for timely countermeasures. Therefore, we have proposed a new A-NIDS
using artificial bee colony (ABC) machine learning (A-NIDS-ABC). This paper is
the first to apply ABC machine learning in A-NIDS. We have tested the proposed
A-NIDS-ABC with the KDD Cup 1999 dataset.