Based on the fusion of neural network algorithm in the application of the anomaly detection

Similar documents
International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013 ISSN

A Network Intrusion Detection System Architecture Based on Snort and. Computational Intelligence

An Integrated Face Recognition Algorithm Based on Wavelet Subspace

Research on Applications of Data Mining in Electronic Commerce. Xiuping YANG 1, a

A study on fuzzy intrusion detection

Information Security Coding Rule Based on Neural Network and Greedy Algorithm and Application in Network Alarm Detection

Forest Fire Smoke Recognition Based on Gray Bit Plane Technology

Review on Data Mining Techniques for Intrusion Detection System

DDoS Detection in SDN Switches using Support Vector Machine Classifier

A Novel Image Super-resolution Reconstruction Algorithm based on Modified Sparse Representation

A Data Classification Algorithm of Internet of Things Based on Neural Network

An Abnormal Data Detection Method Based on the Temporal-spatial Correlation in Wireless Sensor Networks

Flow-based Anomaly Intrusion Detection System Using Neural Network

The Population Density of Early Warning System Based On Video Image

Research on adaptive network theft Trojan detection model Ting Wu

Construction Scheme for Cloud Platform of NSFC Information System

A Novel Intrusion Detection Method for WSN Sijia Wang a, Qi Li and Yanhui Guo

Performance Degradation Assessment and Fault Diagnosis of Bearing Based on EMD and PCA-SOM

Multiple Classifier Fusion With Cuttlefish Algorithm Based Feature Selection

Research on Design and Application of Computer Database Quality Evaluation Model

Different attack manifestations Network packets OS calls Audit records Application logs Different types of intrusion detection Host vs network IT

Combination of Three Machine Learning Algorithms for Intrusion Detection Systems in Computer Networks

Intrusion Detection System with FGA and MLP Algorithm

An advanced data leakage detection system analyzing relations between data leak activity

Intrusion Detection Using Data Mining Technique (Classification)

Intrusion detection system with decision tree and combine method algorithm

2017 2nd International Conference on Communications, Information Management and Network Security (CIMNS 2017) ISBN:

Quality Assessment of Power Dispatching Data Based on Improved Cloud Model

Face Recognition Technology Based On Image Processing Chen Xin, Yajuan Li, Zhimin Tian

Keywords Intrusion Detection System, Artificial Neural Network, Multi-Layer Perceptron. Apriori algorithm

Post-Classification Change Detection of High Resolution Satellite Images Using AdaBoost Classifier

Analysis of neural networks usage for detection of a new attack in IDS

A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection

Data Mining Technology Based on Bayesian Network Structure Applied in Learning

Real-time Aerial Targets Detection Algorithm Based Background Subtraction

Cloud Computing Intrusion Detection Using Artificial Bee Colony-BP Network Algorithm

CSE 565 Computer Security Fall 2018

Efficient Method for Intrusion Detection in Multitenanat Data Center; A Review

Classification Of Attacks In Network Intrusion Detection System

Bayesian Learning Networks Approach to Cybercrime Detection

Keywords: Intrusion Detection System, k-nearest neighbor, Support Vector Machine, Primal Dual, Particle Swarm Optimization

Feature Selection in the Corrected KDD -dataset

Data Mining Approach For IDS in WSN

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Security Research for Software Defined Network

Basic Concepts in Intrusion Detection

Enhanced Multivariate Correlation Analysis (MCA) Based Denialof-Service

Prediction of traffic flow based on the EMD and wavelet neural network Teng Feng 1,a,Xiaohong Wang 1,b,Yunlai He 1,c

Wireless Smart Home Security System Based on Android

Ensemble of Soft Computing Techniques for Intrusion Detection. Ensemble of Soft Computing Techniques for Intrusion Detection

Intelligent Computer Room Management Platform Based on RF Card

Determining the Number of Hidden Neurons in a Multi Layer Feed Forward Neural Network

An Ensemble Data Mining Approach for Intrusion Detection in a Computer Network

INTRUSION DETECTION WITH TREE-BASED DATA MINING CLASSIFICATION TECHNIQUES BY USING KDD DATASET

Pedestrian Detection with Improved LBP and Hog Algorithm

High Resolution Remote Sensing Image Classification based on SVM and FCM Qin LI a, Wenxing BAO b, Xing LI c, Bin LI d

The Detection Method of Website Administrator Account Password Brute-Force Attack by Flow Characteristics

Developing the Sensor Capability in Cyber Security

Improvement of SURF Feature Image Registration Algorithm Based on Cluster Analysis

2017 International Conference on Economics, Management Engineering and Marketing (EMEM 2017) ISBN:

An Efficient Character Segmentation Algorithm for Printed Chinese Documents

Remote Monitoring System of Ship Running State under Wireless Network

Rolling element bearings fault diagnosis based on CEEMD and SVM

Performance of data mining algorithms in unauthorized intrusion detection systems in computer networks

Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing *

Exploration of Fault Diagnosis Technology for Air Compressor Based on Internet of Things

Time Series Clustering Ensemble Algorithm Based on Locality Preserving Projection

Anomaly Detection in Communication Networks

Virtual CMS Honey pot capturing threats In web applications 1 BADI ALEKHYA, ASSITANT PROFESSOR, DEPT OF CSE, T.J.S ENGINEERING COLLEGE

Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model

Audit Logging and Monitoring Procedure Document Number: OIL-IS-PRO-ALM

Numerical Recognition in the Verification Process of Mechanical and Electronic Coal Mine Anemometer

A survey on RBF Neural Network for Intrusion Detection System

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Data Imbalance Problem solving for SMOTE Based Oversampling: Study on Fault Detection Prediction Model in Semiconductor Manufacturing Process

HYBRID INTRUSION DETECTION USING SIGNATURE AND ANOMALY BASED SYSTEMS

Modeling Intrusion Detection Systems With Machine Learning And Selected Attributes

A Comparison Between the Silhouette Index and the Davies-Bouldin Index in Labelling IDS Clusters

Research on outlier intrusion detection technologybased on data mining

Study of Machine Learning Based Intrusion Detection System

AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID

The Prediction of Real estate Price Index based on Improved Neural Network Algorithm

Remote monitoring system based on C/S and B/S mixed mode Kaibing Song1, a, Yinsong Wang2,band Dandan Shang3,c

Chongqing, China. *Corresponding author. Keywords: Wireless body area network, Privacy protection, Data aggregation.

Video Inter-frame Forgery Identification Based on Optical Flow Consistency

A Rough Set Based Feature Selection on KDD CUP 99 Data Set

Overview of Honeypot Security System for E-Banking

Intrusion Detection System (IDS) IT443 Network Security Administration Slides courtesy of Bo Sheng

Abnormal Network Traffic Detection Based on Semi-Supervised Machine Learning

A Software-Defined Networking Security Controller Architecture. Fengjun Shang, Qiang Fu

Log System Based on Software Testing System Design And Implementation

A Survey on Intrusion Detection Using Outlier Detection Techniques

Design and Realization of WCDMA Project Simulation System

Fabric Defect Detection Based on Computer Vision

Comparison of variable learning rate and Levenberg-Marquardt back-propagation training algorithms for detecting attacks in Intrusion Detection Systems

An Adaptive Threshold LBP Algorithm for Face Recognition

Detection of Network Intrusions with PCA and Probabilistic SOM

Embedded Smart Home System Based on ZigBee Song Chi

Method to Study and Analyze Fraud Ranking In Mobile Apps

ISSN: (Online) Volume 4, Issue 3, March 2016 International Journal of Advance Research in Computer Science and Management Studies

Transcription:

, pp.28-34 http://dx.doi.org/10.14257/astl.2016.134.05 Based on the fusion of neural network algorithm in the application of the anomaly detection Zhu YuanZhong Electrical and Information Engineering Department of Beijing Polytechnic College Beijing China Zyz107@163.com Abstract. With the continuous expansion of network, computer network has highly unsafe factors such as hacker attacks. For efficient network anomaly detection, become the key to the healthy development of the network. A variety of sensors in the traditional neural network algorithm fusion, design a fusion of anomaly detection model, used to verify the data sets, the method is compared with the traditional single algorithm design of the detection system has better performance. Keywords: The BP neural network; Fusion technology; Anomaly detection 1 Introduction With the popularity of the Internet technology in the national production and living, the dependence of people on the Internet is growing. However, every coin has its two sides, the Internet technology in bring great convenience to people as well as develop the network security problem. Due to its own defects of Internet technology, as well as in various interests driven generated by the threat of hacking techniques, the security problem of network growing. The combination of data fusion is the purpose of through data, derived for more information, get the best of the coordinating role as a result, the use of multiple sensors common advantage, improve the effectiveness of the sensor system, eliminating the limitations of a single or a small number of sensors [1-2]. 2 Related works 2.1 Intrusion detection technology At present about the definition of intrusion detection mainly adopt the international computer security association about the definition of intrusion detection, intrusion detection is refers to by several key from a computer system or network nodes to collect information, and analyze the information, to find in the network or system whether there is a violation of security policy and the signs of the attack, namely to ISSN: 2287-1233 ASTL Copyright 2016 SERSC

detect intrusion behavior. A complete the role and function of intrusion detection system are as follows: (1) monitoring, analysis of the user and the system activity.(2) auditing system configuration and weaknesses.(3) assessment of critical systems and data integrity.(4) identify attack pattern of activity.(5) statistical analysis of abnormal activities.(6) of the operating system audit trail management, user activity recognition in violation of the policy[2-4]. access Internal access External access firewall Access restrictions The protected system Monitor outsiders Monitor insiders Intrusion detection system Real-time monitoring Regularly scan Vulnerability scanning system Fig. 1. The function of intrusion detection systems At present basically has the following several kinds of common intrusion detection method (1) pattern matching is one of the most simple misuse detection method, this method can be relatively simple pattern matching system for the current patterns of behavior to search in the pattern library, if it is found that a specific substring, argues that detected the invasion. (2) based on contour detection method using multiple attributes to express the behavior of the system, the combination of all these attributes defined as the current of tested body contour. (3) statistical analysis in anomaly detection is applied to the language, there are mainly four questions: can select effective measurement, statistics and generate can reflect the characteristics of the main body of the vector;able to generate audit records according to the main body activity, and update the current main body activity session vector;can use statistical methods to analyze data, and to assess the history of the current activity is in line with the main body behavior characteristic;can change over time, the study main body behavior characteristic, and update the record. (4) with some attack signature only sometimes and some attacks, the conditional probability of misuse detection technology by calculating signature under the condition of intrusion happens to judge whether there is the conditional probability of the occurrence of aggressive behavior. (5) neural network with organizations, adaptive and self-learning ability, in dealing with some background knowledge is not clear, the environment information of a Copyright 2016 SERSC 29

complex situations can be very good effect, applied to the intrusion detection system can detect unknown attacks [5-6]. 2.2 The BP neural network The BP neural network is a kind of neural network learning algorithm.composed of input layer, middle layer and output layer class type of neural network, the middle layer can be extended to multilayer.each neuron in the connection between adjacent layers, and there is no connection between each layer of neurons, the network to learn the way the teacher teach them, when a pair of learning model for network, each neuron get the produce corresponding input connection weights of the network. Support vector machine (SVM) is put forward by Vapnik et al a classification method of study, after received widespread attention.it on the basis of statistical learning theory considering the structural risk minimization, it overcomes the defect of the traditional empirical risk minimization, on to identify the small sample problem has a unique advantage, and then get a lot of research in the field of intrusion detection applications [7-8]. 2.3 Data fusion Data fusion is through study and analysis of data from different sources, is a multi-level, multifaceted process of data processing, and the data from multiple sources are automatic detection, correlation, correlation, estimation and combination processing and so on.the classic model is mainly composed of multi-sensor data fusion, calibration, related, identify and estimate parts.multisensor mainly complete raw data collection, the calibration ready for subsequent related and identification, the realization of the real data fusion occurs in the identification and estimation.data fusion process can be divided into two phases, the first stage is mainly to the processing of the underlying data, namely the pixel level fusion and feature level fusion, and the result is a state, characteristics and properties, etc., the second phase of high-level data processing, namely the decision level fusion, threat, purpose and attempt to abstract results. 3 Based on the fusion of neural network algorithm In traditional network anomaly detection model, a network connection of different characteristics in the detection of different network attacks have different influence degree. Here will take a base as calculating the weights of BP artificial neural network algorithm, namely by using BP artificial neural network as the fusion algorithm of computing engine.final fusion decision part of the fusion center, will adopt a weighted summation method to calculate the final decision-making results. Here to set up a based on the design idea of weights were calculated based on the BP neural network and SVM classifier fusion and fusion of BMPM network anomaly detection model, as shown in figure 2: 30 Copyright 2016 SERSC

SVM_I Basic characteristics BMPM_I SVM_T Flow characteristics The BP neural network Fusion center Result BMPM_T SVM_C Content characteristics BMPM_C Fig. 2. The fusion of SVM and BMPM network anomaly detection model As shown in figure 3, the model is mainly composed of three parts, the first part is for different network characteristics of early detection of the SVM and BMPM detection module, this part mainly includes the according to the characters of the early stage of the given prior network data set trained six classifier, this part of the main function is to achieve early detection, in preparation for the subsequent establishment of the BP neural network. Third part for the decision-making parts of the model, the main role of integration analysis, the results of previous processing to get the final test results.this part of the corresponding has 12 input, respectively is in the early period of the six classifier results output and the output of the BP neural network to calculate weight of the six, the final output is the final test results of the model [9-11]. 4 The experiment results analysis Experiments using 10% of KDD Cup1999 training data set, the data set includes a total of 23 different types of attacks, 326421 link records, 92373 normal connection records, each connection record is composed of 31 different attributes, 34 of them for numeric, 7 for character attributes.test data set contains 241225 link records, 37 kinds of different types of attacks, including 14 types of attack did not appear in the training sample.at the same time, all of these attack types can be divided into the following four categories: Dos: namely the denial of service attacks, such as the smurf, teardrop, syn flood, etc.; Probe: namely to detect attacks, such as port scanning and vulnerability scanning; U2R: elevated privileges, such as buffer overflow attacks, etc.; Copyright 2016 SERSC 31

R2L: namely remote access permissions, such as guess password attacks. Experiment of using 10% Normal KDD Cup1999 data set, DOS, the Probe and R2L type of connecting the 4125 attack, U2R type attack connection 236.Selection of these data are for the selected data set of a variety of services, including all the network services.experiments, such as the selection of data is divided into two, and a as the training data set, another one as a test data set, to train the fusion anomaly detection model, and to test the test data set.in order to reflect the effectiveness of the detection model in the fusion, here will use the same set of training data to train the SVM, BMPM and use the same test data set to test the SVM, BMPM and BP, and finally with the comparative analysis of monitoring results of fusion of anomaly detection model [12-15]. Table 1. The detection result of all the attacking types with SVM Attack types The total number Detect attack of attacks number Detection rate Dos 1800 1765 0.980 Probe 1700 1692 0.995 U2R 153 142 0.928 R2L 1800 1750 0.972 Total 5453 5349 0.980 Table 2. The detection result of all the attacking types with BMPM Attack types The total number Detect attack of attacks number Detection rate Dos 1800 1736 0.964 Probe 1700 1682 0.989 U2R 153 146 0.954 R2L 1800 1759 0.977 Total 5453 5343 0.979 Table 3. Detection rate for all types of attacks with fusion of SVM and BMPM Attack types The total number Detect attack of attacks number Detection rate Dos 1800 1756 0.975 Probe 1700 1692 0.995 U2R 153 150 0.980 R2L 1800 1787 0.992 Total 5453 5425 0.994 Can be seen in the chart, and the SVM, BMPM compared single anomaly detection methods, such as the integration of the SVM and BMPM detection methods in keeping the detection rate of reduce the false alarm rate (SVM false-alarm rate = 1.83%, BMPM false-alarm rate = 1.26%, the integration of the SVM and BMPM false-alarm rate = 0.48%).At the same time, specific to a variety of different types of attacks on the detection, fusion method on the DOS attack types of testing, slightly 32 Copyright 2016 SERSC

lower than the SVM detection rate and high detection rate than BMPM, namely in made a balance between two kinds of detection methods, on the three other types of attacks also played a balance SVM and BMPM high detection rate on a single attack type, low detection rate on other types of defects, this fusion model is used to detect multiple attack types with higher stability. 5 Conclusion This paper discusses the SVM and BMPM two single anomaly detection methods by combining the BP neural network, design a fusion of anomaly detection model, and the corresponding fusion algorithm is given.by using a data set to validate, and with a single SVM and BMPM using the same experimental data for comparison, it can be seen that the anomaly detection method based on the integration of the SVM and BMPM better design of the anomaly detection system combines the advantages of SVM and BMPM at the same time, reduces the false alarm rate of the system, namely between the detection rate and false alarm rate with better balance, that is, the method to design the detection system has better performance. References 1. Cao, S., Cao, G., Chen, K.: The Ground Objects Identification for Digital Remote Sensing Image Based on the BP Neural Network [M]// Computer Engineering and Networking. Springer International Publishing, 2014:671-677. 2. Peng, HY.: The BP neural network's GA optimization and its realization on MATLAB [C]// Control and Decision Conference (CCDC), 2013 25th Chinese. IEEE, 2013:536-539. 3. Zhang, K., Zhang, B., Qu, R.: Analysis of eight volume pulse elements based on the BP neural network[c]// Advanced Computational Intelligence (ICACI), 2015 Seventh International Conference on. IEEE, 2015. 4. Shi, T., Yuan, T., Shi, B.: Bus turnaround time prediction research based on the BP neural network [J]. Journal of Shandong Jianzhu University, 2015. 5. Li., QH, Liu, D.: Aluminum Plate Surface Defects Classification Based on the BP Neural Network [J]. Applied Mechanics & Materials, 2015, 734:543-547. 6. Benmoussat, MS., Guillaume, M., Caulier, Y., Automatic metal parts inspection: Use of thermographic images and anomaly detection algorithms [J]. Infrared Physics & Technology, 2013, 61(11):68 80. 7. Bhuyan, M H., Bhattacharyya, DK., Kalita, JK.: Network Anomaly Detection: Methods, Systems and Tools[J]. Communications Surveys & Tutorials IEEE, 2014, 16(1):303-336. 8. Lee, YJ., Yeh, YR., Wang, Y.C.F.: Anomaly Detection via Online Over-Sampling Principal Component Analysis[M]// Anomaly Detection via Online Over. IEEE, 2013:1-1. 9. Li, W., Mahadevan, V., Vasconcelos, N.: Anomaly Detection and Localization in Crowded Scenes.[J]. IEEE Transactions on Pattern Analysis & Machine Intelligence, 2013, 36(1):1. Copyright 2016 SERSC 33

10. Vrabič, R., Škulj, G., Butala, P.: Anomaly detection in shop floor material flow: A network theory approach [J]. CIRP Annals - Manufacturing Technology, 2013, 62(1):487 490. 11. Bhattacharyya, D.K., Kalita, JK.: Network Anomaly Detection: A Machine Learning Perspective [J]. Crc Press, 2013. 12. Poletto, MA, Ratin, A., Gorelik, A.: Aggregator for connection based anomaly detection: US, US8479057 B2 [P]. 2013. 13. Tartakovsky, A.G., Polunchenko, A.S., Sokolov, G.: Efficient Computer Network Anomaly Detection by Changepoint Detection Methods [J]. IEEE Journal of Selected Topics in Signal Processing, 2013, 7(1):4-11. 14. Angello, L., Lieuwen, T., Noble, D.R.: System and method for anomaly detection: WO, WO2013077861 A1 [P]. 2013. 15. Song, J., Takakura, H., Okabe, Y.: Toward a more practical unsupervised anomaly detection system [J]. Information Sciences, 2013, 231(9):4 14. 34 Copyright 2016 SERSC

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback