An efficient anomaly intrusion detection method with evolutionary neural network

Bibliographic Details
Main Author: Sarvari, Samira
Format: Thesis
Language: English
Published: 2020
Online Access: http://psasir.upm.edu.my/id/eprint/89852/1/FSKTM%202020%2017%20ir.pdf
Description
Summary: Anomaly-based intrusion detection plays a vital role in protecting networks against malicious activities. Despite the strengths of anomaly detection systems, there are still drawbacks that reduce their performance. One of the technical challenges is examining a large amount of data, which leads to a large number of computations and low detection rates. Another critical issue in anomaly detection is the high false alarm rate, which reduces the efficiency of the system. In recent years, detection methods based on machine learning techniques have been widely deployed to improve the efficiency of anomaly-based detection. Among these techniques, the Artificial Neural Network-Multilayer Perceptron (ANN-MLP) is one of the widely used techniques and has been successful in solving many complex practical problems. However, an ANN-MLP without an activation function would simply be a linear regression model, which has limitations and does not perform well most of the time. Although activation functions are important for the MLP to learn, for nonlinear complex functional mappings they involve complicated calculations, which reduce the accuracy of classification. To overcome these issues, this research designs anomaly-based detection with an Evolutionary Neural Network (ENN) through three different detection methods. The first anomaly detection method is designed using a new feature selection technique called Mutation Cuckoo Fuzzy (MCF) and an evolutionary neural network classifier called MultiVerse Optimizer-Artificial Neural Network (MVO-ANN) to improve performance and execution time. The second anomaly detection method is the Evolutionary Kernel Neural Network Random Weights (EKNNRW), intended to increase the accuracy of classification.
The third proposed method is a new Evolutionary Neural Network (ENN) algorithm that combines the Genetic Algorithm and Multiverse Optimizer (GAMVO) as the training part of the ANN to create efficient anomaly-based detection with a low false alarm rate. The proposed methods have been applied to the problem of intrusion detection and validated on the well-known NSL-KDD dataset. For the first method, the execution time of the proposed method (MCF & MVO-ANN) is 60.33 s, while previous research (MVO-ANN) reports 163.07 s. Furthermore, the performance of the proposed method is much improved compared to previous research. In the second method (EKNNRW), the accuracy obtained is 99.24%, whereas the accuracy in previous research was 98.03%. The experimental results show that not only accuracy but also detection rate and false alarm rate have improved notably. The third proposed method (GAMVO-ANN) obtained a detection rate and false alarm rate of 98.65% and 0.012% respectively, outperforming the previous research and the two previous methods proposed in this research. Several directions can be taken to extend this work, such as combining an IDS with an IPS so that it is capable of dropping or blocking network connections that are determined to be too risky, extending the model to multi-class classification problems, and using a hybrid IDS (combining anomaly and signature-based detection systems) to respond to wider ranges of intrusions and increase the level of security of a network.