
Divided two-part adaptive intrusion detection system

Published in: Wireless Networks

Abstract

The main objective of this paper is to design a more complete intrusion detection system solution. The paper presents an efficient approach for reducing the rate of alerts using a divided two-part adaptive intrusion detection system (DTPAIDS). The proposed DTPAIDS has a high degree of autonomy in tracking suspicious activity and detecting positive intrusions. It is designed with the aim of reducing the rate of detected false positive intrusions through two achievements. The first is the implementation of an adaptive self-learning neural network, based on a Radial Basis Function (RBF) neural network, which gives the DTPAIDS the ability to adapt automatically. The second is the division of the proposed intrusion detection system (IDS) into two parts. The first part, IDS1, is installed in front of the firewall and is responsible for checking each incoming user packet and deciding whether the packet is an attack or not. The second part, IDS2, is installed behind the firewall and is responsible for detecting only the attacks that passed the firewall. This proposed IDS approach exhibits a lower false alarm rate when detecting novel attacks. The simulation tests are conducted using the DARPA 1998 dataset. The experimental results show that the proposed DTPAIDS (1) reduces the false positive rate, (2) detects intrusion occurrences sensitively and precisely, and (3) accurately self-adapts its diagnoser model, thus improving its detection accuracy.
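The two-part arrangement and the adaptive RBF detector the abstract describes, as an added illustration that is not the paper's code: the packet features, the Gaussian width and novelty threshold, the training patterns and the port-based firewall policy are all constructed assumptions, and the centre-insertion rule is a simplified stand-in for the paper's RBF training.

```python
import math

class RBFDetector:
    """Gaussian RBF classifier that adds a centre when a novel pattern appears (simplified)."""
    def __init__(self, sigma=0.25, novelty=0.15):
        self.sigma, self.novelty = sigma, novelty  # RBF width; distance that marks a new pattern
        self.centres = []                          # [(vector, label)], 1 = attack, 0 = normal

    def score(self, x):
        """Kernel-weighted attack probability in [0, 1]; 0.5 when nothing has been learned."""
        w = [(math.exp(-math.dist(x, c) ** 2 / (2 * self.sigma ** 2)), lab) for c, lab in self.centres]
        den = sum(p for p, _ in w)
        return sum(p * lab for p, lab in w) / den if den else 0.5

    def is_attack(self, x):
        return self.score(x) > 0.5

    def learn(self, x, label):
        """Adaptive step: insert a centre only if x is far from every centre already known."""
        if all(math.dist(x, c) > self.novelty for c, _ in self.centres):
            self.centres.append((tuple(x), label))
            return True
        return False

# Constructed training patterns: (conn rate, byte ratio, failed-login ratio) scaled to [0, 1].
TRAINING = [((0.1, 0.2, 0.0), 0), ((0.2, 0.1, 0.1), 0),   # normal traffic
            ((0.9, 0.8, 0.1), 1), ((0.3, 0.2, 0.9), 1)]   # flood, password guessing
ALLOWED_PORTS = {80, 443}  # assumed firewall policy: any other destination port is dropped

def build_detector():
    det = RBFDetector()
    for x, lab in TRAINING:
        det.learn(x, lab)
    return det

def run_pipeline(packets, ids1, ids2):
    """IDS1 inspects every packet; the firewall filters; IDS2 sees only what got through."""
    stats = {"ids1_alerts": 0, "firewall_blocked": 0, "ids2_alerts": 0, "passed": 0}
    for port, x in packets:
        stats["ids1_alerts"] += int(ids1.is_attack(x))
        if port not in ALLOWED_PORTS:
            stats["firewall_blocked"] += 1
            continue                       # IDS2 never sees this packet
        key = "ids2_alerts" if ids2.is_attack(x) else "passed"
        stats[key] += 1
    return stats

# Constructed packet sample (dst port, features): two attacks, one aimed at a blocked port.
PACKETS = [(80, (0.15, 0.15, 0.05)), (80, (0.95, 0.85, 0.05)), (23, (0.25, 0.20, 0.95)),
           (23, (0.10, 0.15, 0.05)), (443, (0.20, 0.20, 0.05))]
```

Running `run_pipeline(PACKETS, build_detector(), build_detector())` shows IDS1 raising two alerts while IDS2 raises only one, because the firewall drops the second attack before it reaches the inner detector.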





Correspondence to Osama S. Faragallah.


Cite this article

Elfeshawy, N.A., Faragallah, O.S. Divided two-part adaptive intrusion detection system. Wireless Netw 19, 301–321 (2013). https://doi.org/10.1007/s11276-012-0467-7


  • DOI: https://doi.org/10.1007/s11276-012-0467-7
