Hybrid Intelligent Intrusion Detection System

Intrusion Detection Systems are increasingly a key part of systems defense. Various approaches to intrusion detection are currently in use, but they are relatively ineffective. Artificial Intelligence plays a driving role in security services. This paper proposes a dynamic model, an Intelligent Intrusion Detection System, based on a specific AI approach to intrusion detection. The techniques being investigated include neural networks and fuzzy logic with network profiling, which uses simple data mining techniques to process the network data. The proposed system is a hybrid system that combines anomaly, misuse and host-based detection. Simple fuzzy rules allow us to construct if-then rules that reflect common ways of describing security attacks. For host-based intrusion detection we use neural networks along with self-organizing maps. Suspicious intrusions can be traced back to their original source path, and any traffic from that particular source will be redirected back to that source in future. Both network traffic and system audit data are used as inputs for both.



