تشخیص نفوذ در شبکه با استفاده از ترکیب شبکه‌های عصبی مصنوعی به‌صورت سلسله مراتبی

نوع مقاله : مقاله پژوهشی

نویسندگان

1 استادیار گروه مهندسی کامپیوتر، دانشکده فنی و مهندسی، دانشگاه تربت‌حیدریه، تربت‌حیدریه، ایران

2 مربی گروه کامپیوتر، دانشگاه آزاد اسلامی تربت‌حیدریه، تربت حیدریه، ایران

3 دانش آموخته کارشناسی کامپیوتر، گروه مهندسی کامپیوتر، دانشکده فنی و مهندسی، دانشگاه تربت‌حیدریه، تربت‌حیدریه، ایران

چکیده

ﺑﺎ رﺷﺪ ﻓﻨﺎوری اﻃﻼﻋﺎت، اﻣﻨﯿﺖ ﺷﺒﮑﻪ به‌عنوان ﯾﮑﯽ از ﻣﺒﺎﺣﺚ ﻣﻬﻢ و ﭼﺎﻟﺶ ﺑﺴﯿﺎر ﺑﺰرگ ﻣﻄﺮح اﺳﺖ. ﺳامانه­های ﺗﺸﺨﯿﺺ ﻧﻔﻮذ، مؤلفه اﺻﻠﯽ ﯾﮏ ﺷﺒﮑﻪ اﻣﻦ اﺳﺖ که حملاتی را که توسط فایروال­ها شناسایی نمی‌شود، تشخیص می‌دهد. این سامانه­ها با داده­های حجیم برای تحلیل مواجه هستند. بررسی مجموعه داده­های سامانه‌های تشخیص نفوذ نشان می‌دهد که بسیاری از ویژگی‌ها، غیرمفید و یا بی‌تأثیر هستند؛ بنابراین، حذف برخی ویژگی‌ها از مجموعه به‌عنوان یک راه‌کار برای کاهش حجم سربار و درنتیجه بالا بردن سرعت سیستم تشخیص، معرفی می‌شود. برای بهبود عملکرد سیستم تشخیص نفوذ، شناخت مجموعه ویژگی بهینه برای انواع حملات ضروری است. این پژوهش علاوه بر ارائه مدلی بر اساس ترکیب شبکه‌های عصبی مصنوعی برای اولین بار به‌منظور تشخیص نفوذ، روشی را برای استخراج ویژگی‌های بهینه، بر روی مجموعه داده KDD CUP 99 که مجموعه داده استاندارد جهت آزمایش روش‌های تشخیص نفوذ به شبکه‌های کامپیوتری می‌باشد، ارائه می‌نماید.

کلیدواژه‌ها


عنوان مقاله [English]

Network Intrusion Detection using a combination of artificial neural networks in a hierarchical manner

نویسندگان [English]

  • A. Maroosi 1
  • E. Zabbah 2
  • H. Ataei Khabbaz 3
1 Department of Computer Engineering, University of Torbat Heydarieh, Torbat Heydarieh, Iran
2 مربی گروه کامپیوتر، دانشگاه آزاد اسلامی تربت‌حیدریه، تربت حیدریه، ایران
3 دانش آموخته کارشناسی کامپیوتر، گروه مهندسی کامپیوتر، دانشگاه تربت‌حیدریه، تربت‌حیدریه، ایران
چکیده [English]

With the growth of information technology, network security is one of the major issues and a great challenge. Intrusion detection systems, are the main component of a secure network that detect the attacks which are not detected by firewalls. These systems have a huge load of data to analyze. Investigations show that many features are unhelpful or ineffective, so removing some of these redundant features from the feature set is a solution to reduce the amount of data and thus increase the speed of the detection system.  To improve the performance of the intrusion detection system it is essential to understand the optimal property set for all kinds of attacks. This research, in addition to presenting a method for intrusion detection based on combining neural networks, also introduces a method for extracting optimal features of the KDD CUP 99 dataset which is a standard dataset for testing computer networks intrusion detection methods.

کلیدواژه‌ها [English]

  • Artificial Neural Networks
  • Feature Selection
  • mixture of experts
  • Intrusion Detection System
[1] S. Ganapathy, K. Kulothungan, S. Muthurajkumar, M. Vijayalakshmi P. Yogesh, and A. Kannan, “ Intelligent feature selection and classification techniques for intrusion detection in networks: a survey,” EURASIP Journal on Wireless Communications and Networking , vol. 1, pp.       271-291, 2013.
[2] W. Stallings, “Cryptography and network security: principles and practices,” Pearson Education India, 2006.
[3]  M. Solanki and D. Vidya, “Intrusion Detection System by using K-Means clustering C 4.5 FNN SVM classifier,”  Int. J. Emerg. Trends Technol. Comput, vol. 3, pp. 6-16, 2014.
[4] V. Kosamkar and S. Sangita, “Improved Intrusion detection system using C4. 5 decision tree and support vector machine,”  PhD diss., Doctoral dissertation, Mumbai University, 2013.
[5]  J. Li, Y. Liu, and L. Gu, “DDoS attack detection based on neural network,” In: Aware Computing (ISAC), 2nd International Symposium on. IEEE, 2010.
[6] A. Balon-Perin and G. Björn, “Ensembles of decision trees for network intrusion detection systems,”  International Journal on Advances in Security, 2013.
[7] D. M. Farid, H. Nouria, and Z. Mohammad, “Combining naive bayes and decision tree for adaptive intrusion detection,”  arXiv preprint arXiv:1005.4496, 2010.
[8]  M. Tavallaee, E. Bagheri, W. Lu, and A. Ghorbani, “A detailed analysis of the KDD CUP 99 data set,”  In 2009 IEEE symposium on computational intelligence for security and defense applications, IEEE, 2009.
[9] J. Cannady, “Artificial neural networks for misuse detection,”  In: National information systems security conference, 1998.
[10] M. S. Hoque, M. Mukit, M. Bikas, and A. Naser, “An implementation of intrusion detection system using genetic algorithm,”  arXiv Prepr arXiv12041336, 2012.
[11] Xu. Xin and W. Xuening, “An adaptive network intrusion detection method based on PCA and support vector machines,” In International Conference on Advanced Data Mining and Applications, pp.        696-703, 2005.
[12] R. Naoum, A. L. Abdullah, and Sh. Marwan, “A Hybrid Intrusion Detection System Using Hamming and MAXNET Neural Nets Using NDIS Dataset,”  Journal of Emerging Trends in Computing and Information Sciences, vol. 4, pp. 198-203, 2013.
[13] B. C. Rhodes, A. James. Mahaffey, and D. James, “Multiple self-organizing maps for intrusion detection,” In Proceedings of the 23rd national information systems security conference, pp. 16-19, 2000.
[14] J. Feng, Y. Sui, and C. Cao, “An incremental decision tree algorithm based on rough sets and its application in intrusion detection,”  Artificial Intelligence Review 40, vol. 40, pp. 517-530, 2013.
[15] C. hou, Te. Shun, Kang K. Yen, and L. Jun, “Network intrusion detection design using feature selection of soft computing paradigms,”  International journal of computational intelligence, 2008.
 
[16]         I. Ahmad, A. B. Abdulah, A. S. Alghamdi, K. Alnfajan, and M. Hussain, “Feature subset selection for network intrusion detection mechanism using genetic eigen vectors,” In: Proceedings of 2011 International Conference on Telecommunication Technology and Applications (ICTTA 2011), 2011.##
[17] F. López, G. T. Miguel, B. Belén, A. Moreno Pérez, and J. Marcos, “Solving feature subset selection problem by a parallel scatter search,”  European Journal of Operational Research, vol. 169, pp.       477-489, 2006.##
[18] J. Yang and H. Vasant, “Feature subset selection using a genetic algorithm,” In Feature extraction, construction and selection, Springer, Boston, MA, pp. 117-136, 1998.##
[19] H. Nama and A. Seyyed, “Application of data mining techniques to detect computer network penetration,”  The first international conference on the new achievements in electrical engineering and computer science, 2010. (In persian)##
[20] M. J. Asbagh and H. Abolhassani, “Feature-Based Data Stream Clustering,” In: Computer and Information Science, ICIS 2009 Eighth IEEE/ACIS International Conference on. IEEE, 2009.##
[21]         M. Dash, K. Choi, P. Scheuermann, and H. Liu, “Feature selection for clustering-a filter solution,” In: Data Mining, ICDM Proceedings 2002 IEEE International Conference on. IEEE, 2002.##
[22] M. D. Hasan, M. AlMehedi, N. Mohammed, A. Shamim, and I. Khademul, “Feature selection for intrusion detection using random forest,”  Journal of information security, vol.7, pp. 129-140, 2016.##
[23] A. Das and S. Siva Sathya, “Association Rule Mining For Kdd Intrusion Detection Data Set,”  International Journal Of Computer Science And Informatics Issn (PRINT), pp. 2231-5292, 2012.##
[24] A. Özgür and H. Erdem, “The impact of using large training data set KDD99 on classification accuracy,” Peer J. Prepr., vol. 5, pp. 283-287, 2017.##
[25]         A. Ghadiri and N. Ghadiri, “An adaptive hybrid architecture for intrusion detection based on fuzzy clustering and RBF neural networks,” In: Communication Networks and Services Research Conference (CNSR), Ninth Annual. IEEE, 2011.##
[26] Gharehchopogh, F. Soleimanian, M. Molany, and F. Dabaghchi Mokri, “Using artificial neural network in diagnosis of thyroid disease: a case study,”  International Journal on Computational Sciences & Applications (IJCSA), 2013.##
[27] Y. Chen, A. Ajith, and Ju. Yang, “Feature selection and intrusion detection using hybrid flexible neural tree,” In International Symposium on Neural Networks, Springer, Berlin, Heidelberg, 2005.##
[28] Rafiqul, et al., “Classification of malware based on integrated static and dynamic features,”  Journal of Network and Computer Applications, vol. 36, no. 2, pp. 646-656, 2013.##
 [29]        Z. Amirkhani, M. Madani, M. H. Sadipour, and S. Sadat, “Increasing location accuracy in neural network based wireless communications systems,” Cyber Defense and Cyber Defense, vol. 3, pp. 31-38, 1394.(In persian)##
[30] N. Shone, T. N. Ngoc, V. D. Phai, and Q. Shi, “A Deep Learning Approach to Network Intrusion Detection,” In IEEE Transactions on Emerging Topics in Computational Intelligence, vol. 2, no. 1, pp. 41-50, 2018.## 
[31]         K. Siddique, Z. Akhtar, F. Aslam Khan, and Y. Kim, “KDD Cup 99 Data Sets: A Perspective on the Role of Data Sets in Network Intrusion Detection Research,”  In Computer, vol. 52, no. 2, pp. 41-51, 2019.##
[32]         O. Rashid, Z. Othman, and S. Zainudin, “Features Selection for Intrusion Detection System Based on DNA Encoding,” In: Intelligent and Interactive Computing, Lecture Notes in Networks and Systems, Springer, vol. 67, 2019.##
[33]         A. K. Ghosh, C. Michael, and M. Schatz, “A real-time intrusion detection system based on learning program behavior,” In: Proceedings of the hird International Workshop on Recent Advances in Intrusion Detection Toulouse, France, 2000.##
[34] L. Hung-Jen, L. Chun-Hung, L.Ying-Chih, and T. Kuang-Yuan, “Intrusion detection system: A comprehensive review,” Journal of Network and Computer Applications, vol. 36, pp. 16-24, 2013.##
[35]         S. Horng, M. Su, Y. Chen, T. Kao, R. Chen, and J. Lai, “A novel intrusion detection system based on hierarchical clustering and support vector machines,” Expert Syst. Appl., vol. 38, no. 1, pp. 306–313, 2011.##