Intrusion Detection Systems Using Adaptive Regression Splines

Past few years have witnessed a growing recognition of intelligent techniques for the construction of efficient and reliable intrusion detection systems. Due to increasing incidents of cyber attacks, building effective intrusion detection systems (IDS) are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. In this paper, we report a performance analysis between Multivariate Adaptive Regression Splines (MARS), neural networks and support vector machines. The MARS procedure builds flexible regression models by fitting separate splines to distinct intervals of the predictor variables. A brief comparison of different neural network learning algorithms is also given

Mukkamala, Sung 1 Feature Selection for Intrusion Detection using Neural Networks and Support Vector Machines

Computational Intelligence (CI) methods are increasingly being used for problem solving. This paper concerns using CI-type learning machines for intrusion detection, which is a problem of general interest to transportation infrastructure protection since a necessary task thereof is to protect the computers responsible for the infrastructure’s operational control, and an effective Intrusion Detection System (IDS) is essential for ensuring network security. Two classes of learning machines for IDSs are studied: Artificial Neural Networks (ANNs) and Support Vector Machines (SVMs). We show that SVMs are superior to ANNs in three critical respects of IDSs: SVMs train and run an order of magnitude faster; SVMs scale much better; and SVMs give higher classification accuracy. We also address the related issue of ranking the importance of input features, which is itself a problem of great interest. Since elimination of the insignificant and/or useless inputs leads to a simplified problem and possibly faster and more accurate detection, feature selection is very important in intrusion detection. Two methods for feature ranking are presented: the first one is independent of the modeling tool, while the second method is specific to SVMs. The two methods are applied to identify the important features in the 1999 DARPA intrusion data set. It is shown that the two methods produce results that are largely consistent. We present experimental results that indicate that SVM-based IDSs using a reduced number of features can deliver enhanced or comparable performance. Finally, an SVM-based IDS for class-specific detection is proposed. 1

Intrusion Detection Using an Ensemble of Intelligent Paradigms

Soft computing techniques are increasingly being used for problem solving. This paper addresses using an ensemble approach of different soft computing and hard computing techniques for intrusion detection. Due to increasing incidents of cyber attacks, building effective intrusion detection systems are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We studied the performance of Artificial Neural Networks (ANNs), Support Vector Machines (SVMs) and Multivariate Adaptive Regression Splines (MARS). We show that an ensemble of ANNs, SVMs and MARS is superior to individual approaches for intrusion detection in terms of classification accuracy

Modeling intrusion detection systems using linear genetic programming approach

Abstract-This paper investigates the suitability of linear genetic programming (LGP) technique to model efficient intrusion detection systems, while comparing its performance with artificial neural networks and support vector machines. Due to increasing incidents of cyber attacks and, building effective intrusion detection systems (IDSs) are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We also investigate key feature indentification for building efficient and effective IDSs. Through a variety of comparative experiments, it is found that, with appropriately chosen population size, program size, crossover rate and mutation rate, linear genetic programs could outperform support vector machines and neural networks in terms of detection accuracy. Using key features gives notable performance in terms of detection accuracies. However the difference in accuracy tends to be small in a few cases.

Designing Intrusion Detection Systems: Architectures, Challenges and Perspectives

Computer security is defined as the protection of computing systems against threats to confidentiality, integrity, and availability. There are two types of intruders: the external intruders who are unauthorized users of the machines they attack, and internal intruders, who have permission to access the system with some restrictions. Due to increasing incidents of cyber attacks, building effective intrusion detection systems are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We present the state-of-the-art of the evolution of intrusion detection systems and address some of the research challenges to design efficient and effective intrusion detection systems. Further distributed intrusion detection systems are presented which could be used to detect and prevent attacks that would be invisible to any single system or whose significance would be missed if information from only a single system were available. We finally illustrate how a data mining approach could reduce abundant/redundant and noisy data and design effective intrusion detection systems