Search results

1 – 2 of 2
Article
Publication date: 23 November 2012

Bailing Zhang, Yungang Zhang and Wenjin Lu

Abstract

Purpose

The task of internet intrusion detection is to detect anomalous network connections caused by intrusive activities. There have been many intrusion detection schemes proposed, most of which apply both normal and intrusion data to construct classifiers. However, normal data and intrusion data are often seriously imbalanced because intrusive connection data are usually difficult to collect. Internet intrusion detection can be considered as a novelty detection problem, which is the identification of new or unknown data, to which a learning system has not been exposed during training. This paper aims to address this issue.

Design/methodology/approach

In this paper, a novelty detection‐based intrusion detection system is proposed by combining the self‐organizing map (SOM) and the kernel auto‐associator (KAA) model proposed earlier by the first author. The KAA model is a generalization of auto‐associative networks by training to recall the inputs through kernel subspace. For anomaly detection, the SOM organizes the prototypes of samples while the KAA provides data description for the normal connection patterns. The hybrid SOM/KAA model can also be applied to classify different types of attacks.

Findings

Using the KDD CUP 1999 dataset, the performance of the proposed scheme in separating normal connection patterns from intrusive connection patterns was compared with some state‐of‐the‐art novelty detection methods, showing marked improvements in terms of high intrusion detection accuracy and low false positives. Simulations on the classification of attack categories also demonstrate favorable accuracy results, which are comparable to the entries from the KDD CUP 1999 data mining competition.

Originality/value

The hybrid model of SOM and the KAA model can achieve significant results for intrusion detection.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 5 no. 4
Type: Research Article
ISSN: 1756-378X

Article
Publication date: 17 January 2020

Wei Feng, Yuqin Wu and Yexian Fan

Abstract

Purpose

The purpose of this paper is to solve the shortage of the existing methods for the prediction of network security situations (NSS). Because the conventional methods for the prediction of NSS, such as support vector machine, particle swarm optimization, etc., lack accuracy, robustness and efficiency, in this study, the authors propose a new method for the prediction of NSS based on recurrent neural network (RNN) with gated recurrent unit.

Design/methodology/approach

This method extracts internal and external information features from the original time-series network data for the first time. Then, the extracted features are applied to the deep RNN model for training and validation. After iteration and optimization, the accuracy of predictions of NSS will be obtained by the well-trained model, and the model is robust for the unstable network data.

Findings

Experiments on benchmarked data set show that the proposed method obtains more accurate and robust prediction results than conventional models. Although the deep RNN models need more time consumption for training, they guarantee the accuracy and robustness of prediction in return for validation.

Originality/value

In the prediction of NSS time-series data, the proposed internal and external information features describe the original data well, and the employment of the deep RNN model will outperform the state-of-the-art models.

Details

International Journal of Intelligent Computing and Cybernetics, vol. 13 no. 1
Type: Research Article
ISSN: 1756-378X
