A Hybrid NIDS Model Using Artificial Neural Network and D-S Evidence


Chunlin Lu, Yue Li, Mingjie Ma, Na Li
DOI: 10.4018/978-1-7998-0414-7.ch027


Artificial neural networks (ANNs), especially the back-propagation (BP) neural network, can improve the performance of intrusion detection systems. However, current network intrusion detection methods still need improvement in detection precision (especially for low-frequency attacks), detection stability, and training time. This paper proposes a new model based on an optimized BP neural network and Dempster-Shafer theory to solve the above problems and help NIDS achieve a higher detection rate, a lower false positive rate, and stronger stability. The general process of the authors' model is as follows: first, the main extracted features are divided into several different feature subsets. Then, based on the different feature subsets, different ANN models are trained to build the detection engine. Finally, D-S evidence theory is employed to integrate these results and obtain the final result. The effectiveness of this method is verified by experimental simulation using the KDD Cup 1999 dataset.
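The fusion step described above can be sketched with Dempster's rule of combination. This is an added example, not the authors' code: the per-network scores, the reliability weights, and the discounting used to build each mass function (`to_mass`) are assumptions, since the abstract does not say how the networks' outputs are turned into evidence.

```python
from itertools import product

# Frame of discernment: the five KDD Cup 1999 traffic categories.
CLASSES = ("normal", "dos", "probe", "r2l", "u2r")
THETA = frozenset(CLASSES)  # ignorance: "could be any class"

def to_mass(scores, reliability):
    """Assumed BPA construction: discount scores by the network's reliability
    and give the remaining mass to THETA (not taken from the chapter)."""
    total = sum(scores.values())
    mass = {frozenset([c]): reliability * s / total for c, s in scores.items() if s > 0}
    mass[THETA] = 1.0 - reliability
    return mass

def combine(m1, m2):
    """Dempster's rule of combination; returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb  # evidence for mutually exclusive classes
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {h: w / (1.0 - conflict) for h, w in fused.items()}, conflict

def fuse(masses):
    """Fold Dempster's rule over all detectors; return (label, fused masses)."""
    fused = masses[0]
    for m in masses[1:]:
        fused, _ = combine(fused, m)
    singles = {next(iter(h)): w for h, w in fused.items() if len(h) == 1}
    return max(singles, key=singles.get), fused

# Constructed sample: (class scores, reliability) from three networks trained
# on different feature subsets, all scoring the same connection record.
SAMPLE = [
    ({"normal": 0.50, "u2r": 0.40, "dos": 0.10}, 0.80),
    ({"normal": 0.30, "u2r": 0.60, "probe": 0.10}, 0.90),
    ({"normal": 0.35, "u2r": 0.55, "r2l": 0.10}, 0.85),
]

if __name__ == "__main__":
    label, fused = fuse([to_mass(s, r) for s, r in SAMPLE])
    print(label, round(fused[frozenset([label])], 3))
```

In this constructed record the first network on its own prefers `normal`, while the fused evidence settles on the low-frequency `u2r` class.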
Chapter Preview

As mentioned above, more and more studies use artificial neural networks to improve the performance of IDS. According to the number of ANN techniques used, ANN-based IDS can be categorized as Simple ANN Based IDS and Hybrid ANN Based IDS.

Simple ANN applied to IDS mainly includes the Back Propagation neural network (BPNN). BPNN (Wei, Z., Hao-yu, W., Xu, Z., Yu-xin, Z., & Ai-guo, W. 2010) is used to detect intrusion behavior because of its ability to predict accurately and its better persistence. The authors of this paper show that BPNN is good at detecting known and unknown attacks. However, training the BPNN required a very high number of epochs, which led to a very long training time. If the network is overtrained, its performance can decrease, and to overcome this an early stopping condition has to be defined. Some researchers have compared the effectiveness of simple ANN based IDS with other methods such as support vector machines and neural network (SVM) (Mukkamala, S., Janoski, G., & Sung, A. 2002), IDS using self-organizing maps (SOM) (Pachghare, V. K., Kulkarni, P., & Nikam, D. M. 2009), and simulated annealing neural network (SANN) (Gao, M., & Tian, J. 2009). Simple ANN based IDS has been shown to have lower detection performance and long training time, especially when dealing with a large amount of data at high speed.
