Result: Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network

Title:
Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network
Source:
Neural computing & applications (Print). 24(3-4):599-611
Publisher Information:
London: Springer, 2014.
Publication Year:
2014
Physical Description:
print, 120 ref
Original Material:
INIST-CNRS
Subject Terms:
Computer science, Neurology, Exact sciences and technology, Applied sciences, Computer science; control theory; systems, Theoretical computing, Algorithmics. Computability. Computer arithmetics, Software, Computer systems and distributed systems. User interface, Memory organisation. Data processing, Memory and file management (including protection and security), Artificial intelligence, Connectionism. Neural networks, Backpropagation algorithm, Anomaly, Classification, Packet switching, Availability, Delinquency, Intruder detector, Traffic flow, Scalability, Network flow, High speed, Gravitation, Infrastructure, Swarm intelligence, Internet, Monitoring, Heuristic method, Particle swarm optimization, Growth of error, Multilayer network, Neural network, Experimental result, Backpropagation, Distributed system, Computer security, Processing time, Data processing, Multilayer perceptrons, Intrusion detection systems, Computer networks, Flow-based anomaly detection, Modified GSA, PSO
Document Type:
Academic journal Article
File Description:
text
Language:
English
Author Affiliations:
Electrical Engineering Department, Engineering Faculty, Islamic Azad University, South Tehran Branch, P.O. Box: 11365-4435, Tehran, Iran, Islamic Republic of
ISSN:
0941-0643
Rights:
Copyright 2015 INIST-CNRS
CC BY 4.0
Unless otherwise stated above, the content of this bibliographic record may be used under a CC BY 4.0 licence by Inist-CNRS
Notes:
Computer science; theoretical automation; systems
Accession Number:
edscal.28616958
Database:
PASCAL Archive

Further Information

The ever-growing Internet makes information widely available. However, it also provides a suitable space for malicious activities, so security is crucial in this virtual environment. The network intrusion detection system (NIDS) is a popular tool to counter attacks against computer networks. This valuable tool can be realized using machine learning methods and intrusion datasets. Traditional datasets are usually packet-based: all network packets are analyzed for intrusion detection, which is a time-consuming process. On the other hand, the recent spread of 1-10 Gbps technologies has clearly shown that scalability is a growing problem. Flow-based solutions can help to solve the problem by reducing the data and processing time, opening the way to high-speed detection on large infrastructures. Besides, a NIDS should be capable of detecting new malicious activities. Artificial neural network-based NIDSs can detect unseen attacks, so a multi-layer perceptron (MLP) neural classifier is used in this study to distinguish benign and malicious traffic in a flow-based NIDS. A modified gravitational search algorithm (MGSA), a modern heuristic technique, is employed to optimize the interconnection weights of the neural anomaly detector. The proposed scheme is trained using an enhanced version of the first labeled flow-based dataset for intrusion detection introduced in 2009. In addition, the particle swarm optimization (PSO) algorithm and the traditional error back-propagation (EBP) algorithm are employed to train the MLP, so that performance comparison becomes possible. The experimental results based on the actual network data show that the MGSA-optimized neural anomaly detector is effective for monitoring abnormal traffic flows in the gigabytes traffic environment, and the accuracy is about 97.8%.