Improving Performance and Convergence Rates in Multi-Layer Feed Forward Neural Network Intrusion Detection Systems: A Review of the Literature

Improving Performance and Convergence Rates in Multi-Layer Feed Forward Neural Network Intrusion Detection Systems: A Review of the Literature

Loye Lynn Ray (University of Maryland, College Park, MD, USA) and Henry Felch (University of Maine, Orono, ME, USA)
DOI: 10.4018/ijsita.2014070102


Today's anomaly-based network intrusion detection systems (IDSs) are plagued with detecting new and unknown attacks. The review of the literature builds ideas for researching the problem of detecting these attacks using multi-layered feed forward neural network (MLFFNN) IDSs. The scope of the paper focused on a review of the literature from primarily 2008 to the present found in peer-review and scholarly journals. A key word search was used to compare and contrast the literature to find strengths, weaknesses and gaps. The significance of the research found that further work is needed to improve the performance and convergence rates of MLFFNN IDSs. This literature review contributes to the area of intrusion detection by looking at the effects of architecture, algorithms, and input data on the performance and convergence rates of MLFFNN IDSs.
Article Preview


The goal of a network intrusion detection system (IDS) is to define normal and abnormal behavior across the computer network (Kabiri & Ghorbani, 2005). Furthermore, they are constantly attacked and must be able to defend against these intrusions. Mafra, Moll, Fraga and Santin (2010) see this as a recurring problem. This research will look into devising a model for detecting these new and unknown attacks using multi-layered neural networks and advanced algorithms. However, these systems have problems that can affect their performance in detecting intrusions unless they are addressed. These include: poor accuracy, limited real-time performance, reduced scalability, can’t detect new threats and weak response (Kandeeban & Rajesh, 2011a). This research will look into solving some of these problems to improve detection of new and unknown attacks upon network systems.

However, today’s intrusion detection systems are plagued with working in a dynamic attack environment where hackers use new or variants of current threats. Improper detection of attacks can lead to the compromise of sensitive data and possible identity or money theft. A challenge for IDSs is to detect these new threats that adapt to evade current detection methods (Chandola, Banderjee & Kumar, 2009). Current signature-based detection methods cannot keep up with this changing environment (Joo, Hing & Han, 2003). This forces IDSs to adapt to changing environments by using anomaly detection methods. The common model used is an anomaly-based multi-layer feed forward neural network (MLFFNN) IDS. The MLFFNN IDS model takes in traffic data and feeds it through the network to its output without any feedback to the input. These models can adapt to learn about new and unknown intrusions according to Hua and Xiaofeng (2008). However, accurate classification of attacks by anomaly detection is affected by the architecture, input data and the algorithm used (Choudhary & Swarup, 2009). Architecture and algorithms used can affect the performance and convergence rates of anomaly-based IDSs (Choudhary & Swarup, 2009). The performance rate is the measurement of how well the IDS detects intrusions. It consists of the detection rate of how well the device discovers an abnormality and the error rate, which is when the device doesn’t correctly identify the threat. The convergence rate is a measurement of the time it takes to train the IDS. This is measured in seconds and how many times the process has to repeat itself until a certain error threshold is met. Each time the process is repeated is called an epoch. Research is ongoing to optimize MLFFNN IDS performance and convergence rates to handle these dynamic attacks. Contributing to this is the difficulty that an IDS must work correctly in unknown environments and deal with different attacks (Al-Sharafat & Naoum, 2009).

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2018): 2 Released, 2 Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing