Chapter

Learning Vector Quantization and Radial Basis Function Performance Comparison Based Intrusion Detection System


Abstract

Information system technologies are growing rapidly and continuously due to the huge traffic and volume of data. Stored data need to be secured adequately and transferred safely through the computer network. The data transaction mechanism nevertheless remains exposed to intrusion attacks, whose consequences remain undesirable. An intrusion can be understood as a set of actions that can compromise the three security goals of resources and services, known as Confidentiality, Integrity and Availability (CIA). To counter these intrusions, an efficient and robust Intrusion Detection System (IDS) that can successfully detect intrusions is strongly recommended. An IDS is a network/host security tool used for preventing and detecting malicious attacks which could make a system useless. The purpose of this paper is to implement a network intrusion detection system based on machine learning using Artificial Neural Network algorithms, specifically Learning Vector Quantization and Radial Basis Function, and to compare the performance of these two algorithms.

Article
With the advancement of the internet over the years, the number of attacks over the internet has also increased. A powerful Intrusion Detection System (IDS) is required to ensure the security of a network. The aim of an IDS is to monitor the processes prevailing in a network and to analyze them for signs of any possible deviations. Some studies have been done in this field but a deep and exhaustive work has still not been done. This paper proposes an IDS using machine learning for networks with a good union of feature selection technique and classifier by studying the combinations of most of the popular feature selection techniques and classifiers. A set of significant features is selected from the original set of features using feature selection techniques and then the set of significant features is used to train different types of classifiers to make the IDS. Five-fold cross validation is done on the NSL-KDD dataset to find results. It is finally observed that the K-NN classifier produces better performance than others and, among the feature selection methods, the information gain ratio based feature selection method is better.
Article
This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for the Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimized SVM with the firefly algorithm with FPR (false positive rate) as 8.6% and FNR (false negative rate) as 2.2%, which is a good result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimized machine learning algorithms to Snort.
Article
The prosperity of technology worldwide has made the concerns of security tend to increase rapidly. The enormous usage of Internetworking has raised the need of protecting systems as well as networks from unauthorized access or intrusion. An intrusion is an activity of breaking into the system by compromising the security policies, and the process of analyzing the network data for possible intrusions is Intrusion Detection. For the last two decades automatic intrusion detection has been an important research topic. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied; the most popular of all is using machine learning techniques. In this work a survey of various research efforts spared towards the development of intrusion detection systems based on machine learning techniques is given. The surveyed works are presented in easy-to-understand tabular forms, and for each work the technique employed, dataset used and the parameters evaluated are mentioned. Current achievements and limitations in developing intrusion detection systems by machine learning and future directions for research are also given.
Article
Attacks on computer infrastructure are becoming an increasingly serious problem nowadays, and with the rapid expansion of computer networks during the past decade, computer security has become a crucial issue for protecting systems against threats, such as intrusions. Intrusion detection is an interesting approach that could be used to improve the security of network systems. Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. This paper presents a composition of a Learning Vector Quantization artificial neural network and a k-Nearest Neighbor approach to detect intrusion. A Supervised Learning Vector Quantization (LVQ) was trained for the intrusion detection system; it consists of two layers with two different transfer functions, competitive and linear. Competitive (hidden) and output layers contain a specific number of neurons which are the sub attack types and the main attack types respectively. k-Nearest Neighbor (kNN) as a machine learning algorithm was implemented using different distance measures and different k values, but the results demonstrate that using the first norm instead of the second norm and using k=1 gave the best results among other possibilities. The experiments and evaluations of the proposed method have been performed using the NSL-KDD 99 intrusion detection dataset. Hybrid (LVQ_kNN) was able to classify the datasets into five classes at learning rate 0.09 using 23 hidden neurons with classification rate about 89%.
Article
Network-based computer systems play increasingly vital roles in modern society; they have become the target of intrusions by our enemies and criminals. An intrusion detection system attempts to detect computer attacks by examining various data records observed in processes on the network. This paper presents a hybrid intrusion detection system model, using Learning Vector Quantization and an enhanced resilient backpropagation artificial neural network. The proposed system is divided into five phases: environment phase, dataset features and pre-processing phase, Learning Vector Quantization phase, enhanced resilient backpropagation neural network phase and testing the hybrid system phase. A Supervised Learning Vector Quantization (LVQ) as the first stage of classification was trained to detect intrusions; it consists of two layers with two different transfer functions, competitive and linear. A multilayer perceptron as the second stage of classification was trained using an enhanced resilient backpropagation training algorithm. The best number of hidden layers and hidden neurons were calculated to train the enhanced resilient backpropagation neural network. One hidden layer with 32 hidden neurons was used in the resilient backpropagation artificial neural network training process. An optimal learning factor was derived to speed up the convergence of the resilient backpropagation neural network performance. The evaluations were performed using the NSL-KDD99 network anomaly intrusion detection dataset. The experiment results demonstrate that the proposed system (LVQ_ERBP) has a detection rate about 97.06% with a false negative rate of 2%.
1. INTRODUCTION
The importance of protecting systems from attacks and intrusions is critical, especially with the coming of the Internet age, and because of the increasing dependence which companies and government agencies have on their computer networks [1]. A single intrusion of a computer network can result in the loss or unauthorized utilization or modification of large amounts of data and cause users to question the confidentiality, reliability and the availability of all of the information and the resources on the network. Intrusion Detection Systems have become the key foundation of network security. The two main intrusion detection techniques are misuse detection and anomaly detection. Misuse detection systems use patterns of well-known attacks or weak spots of the system to match and identify known intrusions. Anomaly detection systems flag observed activities that deviate significantly from the established normal usage profiles as anomalies, that is, possible intrusions. Anomaly detection techniques can be effective against unknown or novel attacks since no a priori knowledge about specific intrusions is required. However, anomaly detection systems tend to generate more false alarms than misuse detection systems because an anomaly can just be a new normal behavior [2]. Neural networks are a uniquely powerful tool in multiple class classification, especially when used in applications where formal analysis would be very difficult or even impossible, such as pattern recognition, nonlinear system identification, and control [3]. Because of their generalization feature, neural networks are able to work with imprecise and incomplete data. It means that they can also recognize patterns not presented during a learning phase. That is why neural networks could be a good solution for detecting a well-known attack which has been modified by an aggressor in order to pass through the firewall system. In that case, traditional Intrusion Detection Systems, based on the signatures of attacks or expert rules, may not be able to detect the new version of this attack [4].
Article
An intrusion detection system (IDS) is used to produce security alerts to discover attacks against protected networks and/or computer systems. IDSs generate a high amount of security alerts, and analyzing these alerts by a security expert is time consuming and error-prone. IDS alert management systems are used to manage generated alerts and classify true positive and false positive alerts. This paper represents an IDS alert management system that uses the learning vector quantization technique to classify generated alerts. Because of the low classification time per alert, the system could also be used in active alert management systems.
Intrusion detection systems: a modern investigation
  • G Vyas
  • S Meena
  • P Kumar
Hybrid system of learning vector quantization and enhanced resilient backpropagation artificial neural network for intrusion classification
  • R S Naoum
  • Z N Al-Sultani
Application of machine learning approaches in intrusion detection system: a survey
  • N F Haq
  • A R Onik
  • M A K Hridoy
  • M Rafni
  • F M Shah
  • D M Farid
Learning vector quantization
  • Org Handwiki
Computer network intrusion detection
  • Sigkdd
  • Cup