18 research outputs found

    Analysis of Hybrid Soft Computing Techniques for Intrusion Detection on Network

    Intrusion detection is an action towards security of a network when a system or network is being used inappropriately or without authorization. The use of Soft Computing Approaches in intrusion detection is an appealing concept for two reasons: firstly, the Soft Computing Approaches achieve tractability, robustness, low solution cost, and better rapport with reality. Secondly, current techniques used in network security from intrusion are not able to cope with the dynamic and increasingly complex nature of networks and their security. It is hoped that Soft Computing inspired approaches in this area will be able to meet this challenge. Here we analyze the approaches, including the examination of efforts in hybrid systems of SC such as neuro-fuzzy, fuzzy-genetic, neuro-genetic, and neuro-fuzzy-genetic used in the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research

    Building Attack Detection Systems in Information Networks on Neural Network Structures

    Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.

    Integrated Multilevel Intrusion Detection and Report System

    In this paper we demonstrate a new impression of intrusion detection system. We use multilevel structure of intrusion detection systems to protect our network. Most of traditional report systems are complicated and hard to manage. In our system, our interface of report system is easy to read and manage. The most important is we use open source software to integrate our system. This can make the cost of intrusion detection system down and make our system flexible. It is convenient to user and network manager. In our system, we can integrate different intrusion detection system and report system into one system. It will become a trend nowadays

    Identifying DOS attacks using data pattern analysis

    During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems to identify such attacks, however new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule based and static, and produce a high number of false positive alerts. The aim of this research was to determine if it is possible for a firewall to self-learn by analysing its own traffic patterns. Statistical analyses of firewall logs for a large network were carried out and a baseline determined. Estimated traffic levels were projected using linear regression and Holt-Winter methods for comparison with the baseline. Rejected traffic falling outside the projected level for the network under study could indicate an attack. The results of the research were positive with variance from the projected rejected packet levels successfully indicating an attack in the test network

    Intrusion Detection Using Neural Networks

    With the explosive growth of the Internet, and particularly of e-commerce applications, attacks on networks have become more common and sophisticated. Networks demand more elaborate protection measures to ensure that they operate securely and to give continuity to critical services; these measures include methods for real-time detection of and response to intrusion attempts. This work uses statistical models and multivariate classifiers to detect anomalous traffic profiles, using neural networks. The statistical analysis bases its computation on the algebra of probability density functions (PDF). The neural network integrates this information into a single output reporting the state of the network, which feeds software that configures the firewall to reject the threat in real time. Track: Architecture, Networks and Operating Systems. Red de Universidades con Carreras en Informática (RedUNCI)

    Feature selection and visualization techniques for network anomaly detector

    Intrusion detection systems have been widely used as burglar alarms in the computer security field. There are two major types of detection techniques: misuse detection and anomaly detection. Although misuse detection can detect known attacks with lower false positive rate, anomaly detection is capable of detecting any new or varied attempted intrusion as long as the attempted intrusions disturb the normal states of the systems. The network anomaly detector is employed to monitor a segment of network for any suspicious activities based on the sniffed network traffic. The fast speed of network and wide use of encryption techniques make it almost impractical to read payload information for the network anomaly detector. This work tries to answer the question: What are the best features for network anomaly detector? The main experiment data sets are from 1999 DARPA Lincoln Library off-line intrusion evaluation project since it is still the most comprehensive public benchmark data up to today. Firstly, 43 features of different levels and protocols are defined. Using the first three weeks as training data and last two weeks as testing data, the performance of the features are testified by using 5 different classifiers. Secondly, the feasibility of feature selection is investigated by employing some filter and wrapper techniques such as Correlation Feature Selection, etc. Thirdly, the effect of changing overlap and time window for the network anomaly detector is investigated. At last, GGobi and Mineset are utilized to visualize intrusion detections to save time and effort for system administrators. The results show the capability of our features is not limited to probing attacks and denial of service attacks. They can also detect remote to local attacks and backdoors. The feature selection techniques successfully reduce the dimensionality of the features from 43 to 10 without performance degrading. The three dimensional visualization pictures provide a straightforward view of normal network traffic and malicious attacks. The time plot of key features can be used to aid system administrators to quickly locate the possible intrusions

    Introduction on intrusion detection systems : focus on hierarchical analysis

    In today's fast paced computing world security is a main concern. Intrusion detection systems are an important component of defensive measures protecting computer systems and networks from abuse. This paper will examine various intrusion detection systems. The task of intrusion detection is to monitor usage of a system and detect any malicious activity, therefore, the architecture is a key component when studying intrusion detection systems. This thesis will also analyze various neural networks for statistical anomaly intrusion detection systems. The thesis will focus on the Hierarchical Intrusion Detection system (HIDE) architecture. The HIDE system detects network based attack as anomalies using statistical preprocessing and neural network classification. The thesis will conclude with studies conducted on the HIDE architecture. The studies conducted on the HIDE architecture indicate how the hierarchical multi-tier anomaly intrusion detection system is an effective one

    Anomaly Detection in Ethernet Networks Using Self Organising Maps

    The network is a highly vulnerable venture for any organization that needs to have a set of computers for their work and needs to communicate among them. Any large organization that sets up a network needs a basic Ethernet or wireless framework for transferring data. Nevertheless the security concern of the organization creeps in and the computers storing the highly sensitive data need to be safeguarded. The threat to the network comes from the internal network as well as the external network. The amount of monitoring data generated in computer networks is enormous. Tools are needed to ease the work of system operators. Anomaly detection attempts to recognize abnormal behavior to detect intrusions. We have concentrated to design a prototype UNIX Anomaly Detection System. Neural Networks are tolerant of imprecise data and uncertain information. We worked to devise a tool for detecting such intrusions into the network. The tool uses the machine learning approaches and clustering techniques like Self Organizing Map and compares it with the k-means approach. Our system is described for applying hierarchical unsupervised neural network to intrusion detection system. The network connection is characterized by six parameters and specified as a six dimensional vectors. The self organizing map creates a two dimensional lattice of neurons for network for each network service. During real time analysis, network features are fed to the neural network approaches and a winner is selected by finding a neuron that is closest in distance to it. The network is then classified as an intrusion if the distance is more than a preset threshold. The evaluation of this approach will be based on data sets provided by the Defense Advanced Research Projects Agency (DARPA) IDS evaluation in 1999