Summary
This paper presents a neural network (NN) approach to intrusion detection. Previous works used many KDD records to train NNs for detecting intrusions. Our objective here is therefore to show that, for the KDD data sets, good results can be obtained by training NNs on a small data subset. To prove this, the study compares attack detection and classification using two training sets: a set of only 260 records and a set of 65536 records. The testing set is composed of 65536 records randomly chosen from the KDD testing set. Our study focused on two types of record classification: single class (normal or attack), and multi class, where the category of the attack is detected by the NN. Four different types of NNs were tested: Multi-Layer Perceptron (MLP), Modular, Jordan/Elman and Principal Component Analysis (PCA) NN. Two NN structures were used: the first contains only one hidden layer and the second contains ten hidden layers. Our simulations show that NNs trained on the small data subset (260 records) detect and classify attacks more efficiently than those trained on the second data subset.
Extract
Training a Small KDD Subset to Detect and Classify Attacks
1. Introduction
Intrusion can be defined as a series of activities aimed at compromising the security of a computer network system [1]. Intrusions may take many forms: external attacks, internal misuses, network-based attacks, information gathering, denial of service, and so on. Intrusion detection is an important step in protecting the computer network system from intrusions. Intrusion detection systems (IDSs) are used to detect, identify and stop intruders. Administrators can rely on them to discover successful attacks and prevent future use of known exploits. IDSs are also considered a complementary solution to firewall technology, recognizing attacks against the network that are missed by the firewall.
There are two basic types of intrusion detection: host-based and network-based. Each has a distinct approach to monitoring and securing data, and each has distinct advantages and disadvantages. In short, host-based IDSs examine data held on individual computers that serve as hosts, while the network-based IDSs examine data exchanged between...
