Intrusion Detection Based on MLP Neural Networks and K-Means Algorithm

  • Conference paper
Advances in Neural Networks – ISNN 2005 (ISNN 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3498)

Abstract

This paper presents a new intrusion detection technique that classifies program behavior as normal or intrusive by using neural networks with a clustering pretreatment. In our method, we first divide the large sample space into subspaces using k-means clustering; second, a set of neural networks is used to learn each subspace separately for intrusion detection. In this way, we avoid some inherent problems of neural networks, such as slow convergence and the burden of computation. In addition, during subspace training, because program data in the same subspace have similar behavior characteristics, the neural networks can quickly recognize the normal or anomalous areas of the input space. We also note that this method uses system call frequency in place of system call order: program behavior is represented by the frequencies of system calls. Experiments with the 1998 DARPA BSM audit data show that the method has good performance.
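The pipeline the abstract describes, as an added example that is not the authors' code: system call traces become order-free frequency vectors, k-means splits them into subspaces, and one small MLP is trained per subspace. The call vocabulary, traces, labels, network size and training settings are constructed assumptions, since the paper's own features and parameters are not given on this page.

```python
import math, random
from collections import Counter
CALLS = ["open", "read", "write", "close", "fork", "execve"]  # assumed vocabulary
# Constructed traces from two program types (file handling, process spawning); 1 = intrusive
TRACES = [t.split() for t in [
    "open read read read close", "fork execve fork execve read",
    "open read read write close", "fork execve fork execve close",
    "open write write write close", "execve execve execve execve fork",
    "open read write write write close", "execve execve execve fork open"]]
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]

def freq(trace):  # order-free features: relative frequency of each system call
    c = Counter(trace)
    return [c[s] / len(trace) for s in CALLS]

def nearest(x, cents):  # index of the closest centroid (squared Euclidean distance)
    return min(range(len(cents)), key=lambda i: sum((a - b) ** 2 for a, b in zip(x, cents[i])))

def kmeans(xs, k, iters=10):
    cents = [list(x) for x in xs[:k]]  # deterministic init: the first k samples
    for _ in range(iters):
        groups = [[x for x in xs if nearest(x, cents) == i] for i in range(k)]
        # an empty group keeps its previous centroid
        cents = [[sum(c) / len(g) for c in zip(*g)] if g else cents[i] for i, g in enumerate(groups)]
    return cents

def train_mlp(xs, ys, hidden=3, epochs=2000, lr=0.5, seed=0):  # one hidden layer, backprop
    rnd, sig = random.Random(seed), lambda z: 1 / (1 + math.exp(-z))
    w1 = [[rnd.uniform(-1, 1) for _ in range(len(CALLS) + 1)] for _ in range(hidden)]
    w2 = [rnd.uniform(-1, 1) for _ in range(hidden + 1)]
    def forward(x):  # hidden activations and output in (0, 1); the 1.0 is the bias input
        h = [sig(sum(w * v for w, v in zip(row, x + [1.0]))) for row in w1]
        return h, sig(sum(w * v for w, v in zip(w2, h + [1.0])))
    for _ in range(epochs):
        for x, y in zip(xs, ys):
            h, out = forward(x)
            d_out = out - y  # cross-entropy gradient at the output unit
            for j in range(hidden):  # uses the old w2[j]; w2 is updated after this loop
                d_h = d_out * w2[j] * h[j] * (1 - h[j])
                w1[j] = [w - lr * d_h * v for w, v in zip(w1[j], x + [1.0])]
            w2 = [w - lr * d_out * v for w, v in zip(w2, h + [1.0])]
    return lambda x: forward(x)[1]

def fit(traces, labels, k):  # returns the centroids and an is_intrusive(trace) predicate
    xs = [freq(t) for t in traces]
    cents = kmeans(xs, k)
    member = [nearest(x, cents) for x in xs]
    nets = [train_mlp([x for x, m in zip(xs, member) if m == i],
                      [y for y, m in zip(labels, member) if m == i]) for i in range(k)]
    return cents, lambda t: nets[nearest(freq(t), cents)](freq(t)) > 0.5
```

Each network only ever sees the traces routed to its own centroid, so a new trace is scored by the model trained on programs with a similar call mix.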


© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zheng, H., Ni, L., Xiao, D. (2005). Intrusion Detection Based on MLP Neural Networks and K-Means Algorithm. In: Wang, J., Liao, XF., Yi, Z. (eds) Advances in Neural Networks – ISNN 2005. ISNN 2005. Lecture Notes in Computer Science, vol 3498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427469_70

  • DOI: https://doi.org/10.1007/11427469_70

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25914-5

  • Online ISBN: 978-3-540-32069-2

  • eBook Packages: Computer Science, Computer Science (R0)
