International Journal of Scientific and Engineering Research
ISSN Online 2229-5518
ISSN Print: 2229-5518
Website: http://www.ijser.org
IJSER, Volume 3, Issue 1, January 2012
Anomaly Detection through NN Hybrid Learning with Data Transformation Analysis
PP. 200-205
Author(s)
Saima Munawar, Mariam Nosheen and Dr. Haroon Atique Babri
KEYWORDS
ANN, Anomaly Detection, Self Organizing Map, Backpropagation network, Indicator variables, Conditional probability
ABSTRACT
An intrusion detection system is a vital part of a computer security system, commonly used for precaution and detection. It is built as a classifier, or as a descriptive or predictive model, to proficiently separate normal behavior from abnormal behavior of IP packets. This paper presents a solution for the proper handling of data transformation methods, and shows the importance of analyzing the complete data set, which is applied to hybrid neural network approaches used to cluster and classify normal and abnormal behavior in order to improve the accuracy of a network-based anomaly detection classifier. Neural network classes require data in numerical form only, but IP connections or network packets have some symbolic features that are difficult to handle without proper data transformation analysis. For this reason, the new, non-redundant NSL KDD CUP data set was obtained. The experimental results show that the indicator variable method is more effective than both the conditional probability and arbitrary assignment methods, as measured by accuracy and balanced error rate.