1,817 research outputs found

    RT-MOVICAB-IDS: Addressing real-time intrusion detection

    This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time Intrusion Detection, as accurate and swift responses are crucial in this field, especially if automatic abortion mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS in order to perform real/execution time processing and assure system response predictability. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDS. Ministerio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12

    Development of an adaptive learning network-attack detection system

    The proliferation of the Internet and the increase in the number of networked computers have caused a rise in network attacks that threaten the confidentiality, integrity and availability of computer infrastructures. Therefore, Intrusion Detection Systems (IDSs) have become an essential part of today’s security infrastructures. There are different kinds of IDS. The distinction that interests us most for this study is between misuse-based and anomaly-based IDSs. The former detects and classifies attacks with predefined rules, and the latter checks how much traffic differs from “normal” traffic and adapts itself to know at each moment what is normal and what is not. The goal of this study is to propose a new IDS for the University of Stuttgart network, since the current one, called Peakflow, is a misuse IDS and cannot detect novel attacks. SPADE is proposed here as the new IDS. SPADE detects anomalies based on probabilities and decides through a threshold that adapts according to the latest results. SPADE solves the problem of novel attacks, but we will see that this is not always very efficient, because it can consider abnormal traffic to be normal when the attacks are continuous or when there is not enough normal traffic to calculate the probabilities correctly, and introduce a high false alarm rate.

    The proliferation of the Internet and the increase in the number of computer networks are causing an increase in network attacks that threaten different aspects of communication: • Integrity: reliability of the information. • Availability: resources must be available when they are needed. • Confidentiality: access to information limited to authorized users. At the University of Stuttgart, the network monitoring system is called Peakflow and is based on detecting misuse through patterns, so it is not efficient at detecting new attacks. Therefore, the objective of this project was to improve this system by proposing anomaly-based detection. Ingeniería de Telecomunicació

    Novel Intrusion Detection using Probabilistic Neural Network and Adaptive Boosting

    This article applies Machine Learning techniques to solve Intrusion Detection problems within computer networks. Due to the complex and dynamic nature of computer networks and hacking techniques, detecting malicious activities remains a challenging task for security experts; that is, currently available defense systems suffer from low detection capability and a high number of false alarms. To overcome such performance limitations, we propose a novel Machine Learning algorithm, namely Boosted Subspace Probabilistic Neural Network (BSPNN), which integrates an adaptive boosting technique and a semi-parametric neural network to obtain a good tradeoff between accuracy and generality. As a result, learning bias and generalization variance can be significantly minimized. Substantial experiments on the KDD 99 intrusion benchmark indicate that our model outperforms other state-of-the-art learning algorithms, with significantly improved detection accuracy, minimal false alarms and relatively small computational complexity. Comment: 9 pages IEEE format, International Journal of Computer Science and Information Security, IJCSIS 2009, ISSN 1947 5500, Impact Factor 0.423, http://sites.google.com/site/ijcsis