
Mining Network Traffic Data for Attacks through MOVICAB-IDS

Chapter
Foundations of Computational Intelligence Volume 4

Part of the book series: Studies in Computational Intelligence ((SCI,volume 204))

Abstract

This study describes an Intrusion Detection System (IDS) called MOVICAB-IDS (MObile VIsualization Connectionist Agent-Based IDS). The system is built on a dynamic multiagent architecture that combines case-based reasoning with an unsupervised neural projection model to visualize and analyze the flow of network traffic data. The formulation of the underlying Intrusion Detection framework is presented first. The described IDS extracts the most informative projections of a massive traffic data set and depicts them through a functional, mobile visualization interface. Through these visualization facilities, MOVICAB-IDS provides an overview of the network traffic and supports the identification of anomalous situations faced by computer networks, responding to the challenges posed by traffic volume and diversity. To show the performance of the described IDS, it has been tested in different domains containing several interesting attacks and anomalous situations.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Herrero, Á., Corchado, E. (2009). Mining Network Traffic Data for Attacks through MOVICAB-IDS. In: Abraham, A., Hassanien, AE., de Carvalho, A.P.d.L.F. (eds) Foundations of Computational Intelligence Volume 4. Studies in Computational Intelligence, vol 204. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01088-0_16


  • DOI: https://doi.org/10.1007/978-3-642-01088-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01087-3

  • Online ISBN: 978-3-642-01088-0

  • eBook Packages: Engineering (R0)