Flow Based Intrusion Detection System Using Multistage Neural Network

Authors

  • Yousef Abuadlla, University of Al Jafara, Faculty of Electrical Engineering
  • Omran Ben Taher, Higher Institute of Technology and Science, Zliten
  • Hesham Elzentani, Industrialization Center, Tripoli

DOI:

https://doi.org/10.59743/aujas.v2i2.1158

Keywords:

Artificial neural network, Intrusion Detection, Netflow, Anomaly detection

Abstract

With the rapid expansion of computer networks during the past decade, security has become a crucial issue for computer systems. To keep security at the highest level, there is an increasing need for effective security monitors, such as Network Intrusion Detection Systems, to prevent such illicit activity. In recent years, many researchers have focused their work on this field, using different approaches to build dependable intrusion detection systems. One of these approaches is flow-based intrusion detection, which relies on aggregated network traffic flows. In this paper, a Multistage Neural Network intrusion detection system based on aggregated flow data is proposed for detecting and classifying attacks in network traffic. The first neural network stage detects significant changes in the traffic that could indicate a possible attack, while the second stage is able to recognize an attack, to differentiate one attack from another (i.e., to classify attacks), and, most importantly, to detect new attacks with a high detection rate and a low false-negative rate. Two different neural network structures, trained with different training algorithms, are used in the proposed Intrusion Detection System. The experimental results show that the designed system is promising in terms of accuracy and low probability of false alarms, with an average overall classification accuracy of 99.25%.

Published

2017-12-30

How to Cite

Abuadlla, Y., Ben Taher, O., & Elzentani, H. (2017). Flow Based Intrusion Detection System Using Multistage Neural Network. Journal of Alasmarya University, 2(2), 87–77. https://doi.org/10.59743/aujas.v2i2.1158