An efficient anomaly intrusion detection method with evolutionary neural network
Anomaly-based intrusion detection plays a vital role in protecting networks against malicious activities. Despite all the strengths of the anomaly detection systems, there are still drawbacks that reduce the performance of the system. One of the technical challenges is to examine a large amount o...
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2020 |
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/89852/1/FSKTM%202020%2017%20ir.pdf |
id |
my-upm-ir.89852 |
---|---|
record_format |
uketd_dc |
spelling |
my-upm-ir.89852 2021-12-06T08:38:51Z An efficient anomaly intrusion detection method with evolutionary neural network 2020-02 Sarvari, Samira Computer networks - Security measures Intrusion detection systems (Computer security) Neural networks (Computer science) 2020-02 Thesis http://psasir.upm.edu.my/id/eprint/89852/ http://psasir.upm.edu.my/id/eprint/89852/1/FSKTM%202020%2017%20ir.pdf text en public doctoral Universiti Putra Malaysia Computer networks - Security measures Intrusion detection systems (Computer security) Neural networks (Computer science) Mohd Sani, Nor Fazlida |
institution |
Universiti Putra Malaysia |
collection |
PSAS Institutional Repository |
language |
English |
advisor |
Mohd Sani, Nor Fazlida |
topic |
Computer networks - Security measures Intrusion detection systems (Computer security) Neural networks (Computer science) |
description |
Anomaly-based intrusion detection plays a vital role in protecting networks against
malicious activities. Despite the strengths of anomaly detection systems, there are
still drawbacks that reduce the performance of the system. One of the technical
challenges is the need to examine a large amount of data, which leads to a large number
of computations and low detection rates. Another critical issue in anomaly detection is
a high false alarm rate, which reduces the efficiency of the system. In recent years,
detection methods based on machine learning techniques have been widely deployed in
order to improve the efficiency of anomaly-based detection. Among these techniques,
the Artificial Neural Network-Multilayer Perceptron (ANN-MLP) is one of the
significantly used techniques and has been successful in solving many complex
practical problems. However, an ANN-MLP without an activation function would simply
be a linear regression model, which is limited and does not perform well most of the
time. Although activation functions are important for an MLP to learn, for nonlinear
complex functional mappings they involve complicated calculations, which reduces the
accuracy of classification.
To overcome the aforementioned issues, this research proposes anomaly-based
detection designed with an Evolutionary Neural Network (ENN) through three different
detection methods. The first anomaly detection method is designed using a new feature
selection technique called Mutation Cuckoo Fuzzy (MCF) and an evolutionary neural
network classification called MultiVerse Optimizer-Artificial Neural Network
(MVO-ANN) to improve the performance and execution time. The second anomaly
detection method is the Evolutionary Kernel Neural Network Random Weights
(EKNNRW), which aims to increase the accuracy of classification. The third proposed
method is a new Evolutionary Neural Network (ENN) algorithm that uses a combination
of Genetic Algorithm and Multiverse Optimizer (GAMVO) as the training part of the ANN
to create efficient anomaly-based detection with a low false alarm rate. The proposed
methods have been applied to the problem of intrusion detection and validated on
the well-known NSL-KDD dataset.
For the first method, the execution time of the proposed method (MCF
& MVO-ANN) is 60.33 s, while previous research (MVO-ANN) reports 163.07 s.
Furthermore, the performance of the proposed method is much improved
compared to previous research. In the second method (EKNNRW), the accuracy obtained
is 99.24%, whereas the accuracy in previous research was 98.03%. The experimental
results show that not only accuracy but also detection rate and false alarm rate
have clearly improved. The third proposed method (GAMVO-ANN) obtained a detection
rate and false alarm rate of 98.65% and 0.012% respectively, outperforming the
previous research and the two previous methods proposed in this research. Several
directions can be taken to extend this work, such as combining an IDS with an
IPS so that it is capable of dropping or blocking network connections that are
determined to be too risky, extending the model to multi-class classification problems,
and using a hybrid IDS (combining anomaly and signature-based detection systems) to
respond to a wider range of intrusions and increase the level of security of a network. |
format |
Thesis |
qualification_level |
Doctorate |
author |
Sarvari, Samira |
title |
An efficient anomaly intrusion detection method with evolutionary neural network |
title_sort |
efficient anomaly intrusion detection method with evolutionary neural network |
granting_institution |
Universiti Putra Malaysia |
publishDate |
2020 |
url |
http://psasir.upm.edu.my/id/eprint/89852/1/FSKTM%202020%2017%20ir.pdf |