Neural Network and Artificial Immune Systems for Malware and Network Intrusion Detection

Chapter in: Advances in Machine Learning II

Part of the book series: Studies in Computational Intelligence (SCI, volume 263)

Abstract

Neural network techniques and artificial immune systems (AIS) have been successfully applied to many problems in the area of anomalous activity detection and recognition. Existing solutions mostly use static approaches based on collections of virus or intrusion signatures. The major problem of these traditional techniques is therefore the detection and recognition of new viruses or attacks. This chapter discusses the use of neural networks and artificial immune systems for intrusion and virus detection. We studied the performance of different intelligent techniques, namely the integration of neural networks and AIS for virus and intrusion detection, as well as the combination of various kinds of neural networks in a modular neural system for intrusion detection. This approach has good potential to recognize novel viruses and attacks.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Golovko, V., Bezobrazov, S., Kachurka, P., Vaitsekhovich, L. (2010). Neural Network and Artificial Immune Systems for Malware and Network Intrusion Detection. In: Koronacki, J., Raś, Z.W., Wierzchoń, S.T., Kacprzyk, J. (eds) Advances in Machine Learning II. Studies in Computational Intelligence, vol 263. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05179-1_23

  • DOI: https://doi.org/10.1007/978-3-642-05179-1_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-05178-4

  • Online ISBN: 978-3-642-05179-1

  • eBook Packages: Engineering, Engineering (R0)
