Title: What defines an intruder? An intelligent approach
Authors: H. Lugo-Cordero, R. Guha
Published in: 2013 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)
Publication date: 2013-04-16
DOI: 10.1109/CICYBS.2013.6597202
URL: https://doi.org/10.1109/CICYBS.2013.6597202
Source platform: Semanticscholar
Citations: 3
Abstract
All attacks in a computer network begin with an intruder's action of affecting the services provided to legitimate users. Hence, intrusion detection is vital for preserving integrity, confidentiality, and availability in a computer network. Intrusion detection faces many challenges, such as the need for large amounts of data to discriminate between intruders and non-intruders, and the overlap of user behavior with that of the intruders. This paper aims to target both of these challenges by employing a distributed intrusion prevention system based on the Binary Particle Swarm Optimization (BPSO) and Probabilistic Neural Network (PNN) algorithms. Such a system is capable of: 1) locally classifying actions as intruder or non-intruder type, and 2) consulting neighbors for casting a majority vote, upon finding high ambiguity on a decision. The algorithm uses an evolutionary computation approach to select the best features that can help classify intruders, while using smaller amounts of data. Furthermore, the approach uses concepts from semi-supervised learning to improve and adapt over time to any network infrastructure. To demonstrate the viability of the proposed approach, a random set of data has been selected from the KDD-99 dataset. Such a set contained capture data from both users and attackers. Results have been compared with traditional data mining algorithms from previous work, demonstrating that such a system can have high accuracy while maintaining a low false alarm rate.