An Intrusion Detection System based on the Artificial Neural Network for Real Time Detection

An Artificial Neural Network-Based Network Intrusion Detection System for Real-Time Detection

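  • Kim Tae-hee (Major in Convergence Information Security, College of Energy Convergence, Dongshin University) ;
  • Kang Seung-ho (Major in Convergence Information Security, College of Energy Convergence, Dongshin University)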
  • Received : 2017.03.08
  • Accepted : 2017.03.21
  • Published : 2017.03.31

Abstract

As network-based cyber-attacks advance, it is difficult for intrusion detection systems based on simple rules to detect novel types of attack such as Advanced Persistent Threat (APT) attacks. Much current research focuses on applying machine learning techniques to intrusion detection systems in order to detect previously unknown attacks. When machine learning techniques are used, the performance of the intrusion detection system depends largely on the feature set used as its input. Generally, more features increase the accuracy of the intrusion detection system, but they also increase the time needed for detection, which is a problem when fast responses are required. In this paper, we present a network intrusion detection system based on an artificial neural network, which adopts a multi-objective genetic algorithm to satisfy both requirements: accuracy and fast response. To evaluate its performance, the proposed approach is compared with previously proposed approaches on the NSL_KDD data set.

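As network-based cyber-attack techniques become more diverse and sophisticated, it is difficult for simple rule-based intrusion detection/prevention systems to find new forms of attack such as Advanced Persistent Threat (APT) attacks. Many recent studies have introduced machine learning techniques into intrusion detection systems as a solution for anomaly detection, which detects previously unknown forms of attack. When machine learning is used, the efficiency and performance of the intrusion detection system depend heavily on the feature set used. In general, the more features are used, the higher the accuracy of the intrusion detection system, but the time required for detection also increases, which becomes a problem when urgency is required. To find a feature set that satisfies both conditions at once, this paper proposes a multi-objective genetic algorithm and designs a network intrusion detection system based on an artificial neural network. To evaluate the performance of the proposed method, it is compared with previously proposed methods on the NSL_KDD data.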
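
The accuracy-versus-speed trade-off described in the abstract can be sketched as a Pareto search over feature masks. This is an added example, not the authors' code: it assumes a nearest-centroid classifier in place of the artificial neural network, the number of selected features as a proxy for detection time, a simplified Pareto-based genetic algorithm, and constructed synthetic data rather than NSL_KDD.

```python
import random

def make_data(seed, n=200, n_feat=8, informative=(0, 3)):
    """Constructed two-class data; only `informative` columns separate the classes."""
    rng = random.Random(seed)
    return [([rng.gauss(2.0 * (i % 2) if j in informative else 0.0, 1.0)
              for j in range(n_feat)], i % 2) for i in range(n)]

def error_rate(mask, train, test):
    """Nearest-centroid error using only masked features (stand-in for the ANN)."""
    idx = [j for j, bit in enumerate(mask) if bit]
    cent = {}
    for c in (0, 1):
        pts = [x for x, y in train if y == c]
        cent[c] = [sum(p[j] for p in pts) / len(pts) for j in idx]
    wrong = 0
    for x, y in test:
        dist = {c: sum((x[j] - m) ** 2 for j, m in zip(idx, cent[c])) for c in (0, 1)}
        wrong += min(dist, key=dist.get) != y
    return wrong / len(test)

def dominates(a, b):
    """a is no worse than b on every objective and differs from it (both minimised)."""
    return all(p <= q for p, q in zip(a, b)) and a != b

def pareto_front(scored):
    """Keep entries whose (error, feature_count) no other entry dominates."""
    return {k: s for k, s in scored.items()
            if not any(dominates(t, s) for t in scored.values())}

def evolve(train, test, n_feat=8, pop=20, gens=15, seed=7):
    rng = random.Random(seed)
    def repair(bits):                      # never allow the empty feature set
        if not any(bits):
            bits[rng.randrange(n_feat)] = 1
        return tuple(bits)
    scored = {}
    population = [repair([rng.randint(0, 1) for _ in range(n_feat)]) for _ in range(pop)]
    for _ in range(gens):
        for m in population:               # objectives: error, number of features
            scored.setdefault(m, (error_rate(m, train, test), sum(m)))
        parents = list(pareto_front(scored))
        population = []
        for _ in range(pop):               # one-point crossover + 10% bit-flip mutation
            a, b = rng.choice(parents), rng.choice(parents)
            cut = rng.randrange(1, n_feat)
            population.append(repair([g ^ (rng.random() < 0.1) for g in a[:cut] + b[cut:]]))
    return pareto_front(scored)
```

Calling `evolve(make_data(1), make_data(2))` returns the non-dominated masks with their `(error, feature_count)` scores, from which an operator picks the point that meets the response-time budget.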
