Document Sample
IJAIEM-2014-04-30-115 Powered By Docstoc
					 International Journal of Application or Innovation in Engineering & Management (IJAIEM)
                     Web Site: Email:
Volume 3, Issue 4, April 2014                                                                            ISSN 2319 - 4847

          Attacks classification in Network Intrusion
                Detection System Using ANN
          Dr.A.P. Adsul1,Pooja Danke2 ,Meghana Jagdale3,Kuldeep Chaudhari4,Samarth Jadhav5
                                               Sinhgad Institute Of Technology And Science

Nowadays with the dramatic growth in communication and computer networks, security has become a critical subject for
computer systems. A good way to detect the algorithms, methods and applications are created and implemented to solve the
problem of detecting the attacks in intrusion detection systems. Most methods detect attacks and categorize in two groups, normal
or threat. This work presents a new approach of intrusion detection system based on artificial neural network. This work utilizes a
Multi-Layer Perceptron (MLP) for intrusion detection system. The designed system will detect the attacks and classify them in six
groups with the two hidden layers of neurons in the neural network.

Keywords: Artificial Neural Networks (ANN), Intrusion Detection System (IDS), MLP, Network Security.

Today because of existence of Internet and highly increase in usages of computers and Internet by people, companies and
governments doing their works and the dependency of systems to computer networks, as a result the security plays an
essential role to prevent the attacks. The highly connected computing world has also equipped the intruders and hackers
with new facilities for their destructive purposes. To detect malicious, illegal activities and brief attack description we
needed efficient intrusion detection system. The system designed in this work usage the artificial neural network to
minimize false positive and false negative alarms and improves the detection rate of attacks. For real time detection we
are considering ICMP packets only.
Artificial Neural Network (ANN) is the network of individual neurons. Each neuron in a neural network acts as an
independent processing element. Each processing element (neuron) is fundamentally a summing element followed by an
activation function. The most successful application of neural network is classification or categorization and pattern
recognition. There are two types of learning Supervise and Unsupervised. Multilayer Perceptron is well known
architecture of supervised learning. The MLP is employed for Pattern Recognition problems.

2. System Architecture
The figure 2.1 illustrates the architecture of the attack classification system. In this the Packet Monitor module monitors
network stream real time and capture packets to serve for the data source of the NIDS. In the pre-processing phase,
network traffic collected and processed for use as input to system. The Feature Extractor module extracts feature vector
from the network packets (connection records) and submits the feature vector to classifier module. The function of
Classifier module is to analyse the network stream and to draw a conclusion whether intrusion happens or not. When
detecting intrusion happens, Decision module will send a warning message to user.

                                                   Figure 2.1: System Architecture

Volume 3, Issue 4, April 2014                                                                                       Page 397
 International Journal of Application or Innovation in Engineering & Management (IJAIEM)
                     Web Site: Email:
Volume 3, Issue 4, April 2014                                                                        ISSN 2319 - 4847

The Knowledgebase module serves for the training samples of the classifier phase. The artificial neural network can work
effectively only when it has been trained correctly and sufficiently. The intrusion samples can be perfected under user
participation, so the capability of the detection can improve continually.
Attacks Classification: There are at least four different known categories of computer attacks including denial of service
(DOS) attack, user to root (U2R) attack, remote to user (R2L) attack and probing attacks. Six types of attacks are
considered: Smurf, Teardrop, Satan, Guest, Warezclient. These six attack types are selected from four different attack
categories (denial of service, probing, user to root and remote to user) to check for the ability of the intrusion detection
system to identify attacks from different categories.

3. System Implementation and Result

The section describes the detailing of the attack detection system as well as the result obtained from it.
3.1 Home page and File Select

                                                   Figure 3.1: File Select

Input to system is given in text and arff format. After that data labelling is done. Data is labelled according to normal and
attack packet as +1 and -1 as last bit position.

3.2 MLP Output

                                                  Figure 3.3: MLP Output

Volume 3, Issue 4, April 2014                                                                                  Page 398
 International Journal of Application or Innovation in Engineering & Management (IJAIEM)
                     Web Site: Email:
Volume 3, Issue 4, April 2014                                                                  ISSN 2319 - 4847

Table is shown with output count and categories of attacks.

3.4 Detection

                                                   Figure 3.4: Detection

Table is shown with Detection rate, false positive alarm rate and false negative alarm rate.

3.5 Detection Chart

                                               Figure 3.5: Detection Chart

Chart shows percentage of detection rate of attacks and false alarm.
X axis: Poles of Detection and False alarm.
Y axis: Percentage rate

3.6 Real time detection

                                              Figure 3.6:Real time Detection

Volume 3, Issue 4, April 2014                                                                         Page 399
 International Journal of Application or Innovation in Engineering & Management (IJAIEM)
                     Web Site: Email:
Volume 3, Issue 4, April 2014                                                                    ISSN 2319 - 4847

System detects the attack from another system which pings to home system.

4. Conclusion
Using Artificial Neural Network we have designed Network Intrusion Detection System. There is use of Multi-Layer
Perceptron for learning purpose and Aprori Algorithm for rule creation. By end we able to detect and classify attack into
Denial of Service (DoS), Probe, User to Root(U2R), Remote to User(R2L) categories with greater efficiency.

This research paper cannot be considered complete without mentioning Prof. Dr. A. P. Adsul. We wish to express true
sense of gratitude towards her valuable contribution .We are grateful to her for constant encouragement and guidance in
the fulfilment of this activity.

[1] James Cannady, “Artificial neural networks for misuse detection”, Proceedings of the 1998 National Systems
     Security Conference (NISSC’98), Arlington, VA, 1998.
[2] J. Ryan, M. Lin, and R. Miikulainen, “Intrusion Detection with Neural Networks”, AI Approaches to Fraud and Risk
     Management: Papers from the 1997 AAAI Workshop, Providence, pp.72-79, 1997.
[3] Srinivas Mukkamala, “Intrusion Detection using neural Networks and support vector machine”, Proceedings of the
     2002 IEEE International Honolulu, HI, 2002.
[4] Mukherjee B., Heberlein L.T., Levitt K.N., “Network Intrusion Detection”. IEEE Network. Pp.28-42, 1994.
[5] Kabiri P., Ghorbani A. “A Research in intrusion detection and response – a survey”. International Journal of
     Network Security, 2005.
[6] Helman P., Ghorbani A. “A Research in intrusion Detection “In Proceedings of the Fifth Computer Security
     Foundations Workshop pp.114-120, 1992.
[7] Anderson D.,Frivold T.,Valdes “Next Generation Intrusion Detection Expert System (NIDES) A Summary”. SRI
     International Technical Report SRI-CSL-95-07,1995.
[8] P. Garcia-Teodoroa., J. Diaz-Verdejoa., G. Macia-Fernandeza., E. Vazquezb. “Anomaly based network Intrusion
     Detection: Techniques, systems and Challenges” Elsevier, 2009.
[9] Sergios Theodorios and Konstantinos Koutroumbas “Pattern Recognition” Cambridge: Academic press 1999.
[11] Mohommad Reza Norouzian, Sobhan Merati “Classifying Attacks in Network Intrusion Detection System Based on
     Artificial Neural Network” at ICACT, 2011.

Volume 3, Issue 4, April 2014                                                                              Page 400

Shared By: