A Hybrid Artificial Immune System and Self Organising Map for Network Intrusion Detection
A Hybrid Artificial Immune System and Self Organising Map for Network Intrusion Detection
Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.
Artificial Immune System, Self Organizing Map, Intrusion detection, Negative selection, Anomaly detection, Genetic algorithm
3024-3042
Powers, Simon T
474bffcd-e5ab-4be0-89fe-b0d0b2bdf2c1
He, Jun
d190c383-8093-4c9c-aade-c3a1fb3ae78f
August 2008
Powers, Simon T
474bffcd-e5ab-4be0-89fe-b0d0b2bdf2c1
He, Jun
d190c383-8093-4c9c-aade-c3a1fb3ae78f
Powers, Simon T and He, Jun
(2008)
A Hybrid Artificial Immune System and Self Organising Map for Network Intrusion Detection.
Information Sciences, 178 (15), .
(doi:10.1016/j.ins.2007.11.028).
Abstract
Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.
This record has no associated files available for download.
More information
Published date: August 2008
Keywords:
Artificial Immune System, Self Organizing Map, Intrusion detection, Negative selection, Anomaly detection, Genetic algorithm
Organisations:
Electronics & Computer Science
Identifiers
Local EPrints ID: 264908
URI: http://eprints.soton.ac.uk/id/eprint/264908
ISSN: 0020-0255
PURE UUID: 96469041-e322-44ba-b787-02104610003f
Catalogue record
Date deposited: 28 Nov 2007 11:58
Last modified: 14 Mar 2024 07:57
Export record
Altmetrics
Contributors
Author:
Simon T Powers
Author:
Jun He
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics