An Approach for Reducing the Computational Complexity of LAMSTAR Intrusion Detection System using Principal Component Analysis

The security of computer networks plays a strategic role in modern computer systems. Intrusion Detection Systems (IDS) act as the 'second line of defense' placed inside a protected network, looking for known or potential threats in network traffic and/or audit data recorded by hosts. We developed an Intrusion Detection System using the LAMSTAR neural network to learn patterns of normal and intrusive activities and to classify observed system activities, and compared the performance of the LAMSTAR IDS with other classification techniques using 5 classes of KDDCup99 data. The LAMSTAR IDS gives better performance, at the cost of high computational complexity, training time and testing time, when compared to other classification techniques (Binary Tree classifier, RBF classifier, Gaussian Mixture classifier). We further reduced the computational complexity of the LAMSTAR IDS by reducing the dimension of the data using principal component analysis, which in turn reduces the training and testing time with almost the same performance.



