JCSE, vol. 5, no. 4, pp.305-313, 2011

DOI: http://dx.doi.org/10.5626/JCSE.2011.5.4.305

Intrusion Detection: Supervised Machine Learning

Ahmed H. Fares, Mohamed I. Sharawy, Hala H. Zayed
Department of Electrical & Computer Engineering, Benha University, Cairo, Egypt/ Department of Computer Science, Faculty of Computers, Benha University, Cairo, Egypt

Abstract: Due to the expansion of high-speed Internet access, the need for secure and reliable networks has become more critical. The sophistication of network attacks, as well as their severity, has also increased recently. As such, more and more organizations are becoming vulnerable to attack. The aim of this research is to classify network attacks using neural networks (NN), which leads to a higher detection rate and a lower false alarm rate in a shorter time. This paper focuses on two classification types: a single class (normal, or attack), and a multi class (normal, DoS, PRB, R2L, U2R), where the category of attack is also detected by the NN. Extensive analysis is conducted in order to assess the translation of symbolic data, partitioning of the training data and the complexity of the architecture. This paper investigates two engines; the first engine is the back-propagation neural network intrusion detection system (BPNNIDS) and the second engine is the radial basis function neural network intrusion detection system (BPNNIDS).The two engines proposed in this paper are tested against traditional and other machine learning algorithms using a common dataset: the DARPA 98 KDD99 benchmark dataset from International Knowledge Discovery and Data Mining Tools. BPNNIDS shows a superior response compared to the other techniques reported in literature especially in terms of response time, detection rate and false positive rate.

Keyword: Intrusion detection systems; Machine learning; Denial of service; Neural networks; The Defense Advanced

Full Paper:   360 Downloads, 3058 View