Abstract
Intrusion Detection Systems (IDSs) monitor the traffic in computer networks to detect suspect activities. Connectionist techniques can support the development of IDSs by modeling ‘normal’ traffic. This paper presents the application of some unsupervised neural methods to a packet dataset for the first time. This work considers three unsupervised neural methods, namely Vector Quantization (VQ), Self-Organizing Maps (SOM) and Auto-Associative Back-Propagation (AABP) networks. The first of these paradigms proves quite powerful in supporting the basic space-spanning mechanism to sift normal traffic from anomalous traffic. The SOM attains quite acceptable results in dealing with some anomalies, while it fails in dealing with others. The AABP model effectively drives a nonlinear compression paradigm and eventually yields a compact visualization of the network traffic progression.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Herrero, Á., Corchado, E., Gastaldo, P., Leoncini, D., Picasso, F., Zunino, R. (2007). Intrusion Detection at Packet Level by Unsupervised Architectures. In: Yin, H., Tino, P., Corchado, E., Byrne, W., Yao, X. (eds) Intelligent Data Engineering and Automated Learning - IDEAL 2007. IDEAL 2007. Lecture Notes in Computer Science, vol 4881. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77226-2_72
DOI: https://doi.org/10.1007/978-3-540-77226-2_72
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77225-5
Online ISBN: 978-3-540-77226-2
eBook Packages: Computer Science, Computer Science (R0)