Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm
Author(s)
Jadidi, Zahra
Muthukkumarasamy, Vallipuram
Sithirasenan, Elankayer
Sheikhan, Mansour
Year published
2013
Abstract
Reliable high-speed networks are essential to provide quality services to ever-growing Internet applications. A Network Intrusion Detection System (NIDS) is an important tool to protect computer networks from attacks. Traditional packet-based NIDSs are time-intensive as they analyze all network packets. A state-of-the-art NIDS should be able to handle a high volume of traffic in real time. Flow-based intrusion detection is an effective method for high-speed networks since it inspects only packet headers. The existence of new attacks in the future is another challenge for intrusion detection. Anomaly-based intrusion detection is a well-known method capable of detecting unknown attacks. In this paper, we propose a flow-based anomaly detection system. Artificial Neural Network (ANN) is an important approach for anomaly detection. We used a Multi-Layer Perceptron (MLP) neural network with one hidden layer. We investigate the use of a Gravitational Search Algorithm (GSA) in optimizing interconnection weights of an MLP network. Our proposed GSA-based flow anomaly detection system (GFADS) is trained with a flow-based data set. The trained system can classify benign and malicious flows with 99.43% accuracy. We compare the performance of GSA with traditional gradient descent training algorithms and a particle swarm optimization (PSO) algorithm. The results show that GFADS is effective in flow-based anomaly detection. Finally, we propose a four-feature subset as the optimal set of features.
Conference Title
2013 33RD IEEE INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS WORKSHOPS (ICDCSW 2013)
Subject
Other information and computing sciences not elsewhere classified