Title :
Parallel analysis for lightweight network incident detection using nonlinear adaptive systems
Author :
Ando, Ruo ; Takefuji, Yoshiyasu
Author_Institution :
Nat. Inst. of Inf. & Commun. Technol., Tokyo
Abstract :
The rapid increase in security incidents imposes a great burden on Internet users and system administrators. In this paper we discuss a parallel analysis for lightweight network incident detection using nonlinear adaptive systems. We run AID (anomaly intrusion detection) and MID (misuse intrusion detection) systems in parallel. The two detectors generate binary outputs, misuse = {YES/NO} and anomaly = {YES/NO}. Then, we can determine whether we need to perform a network or security operation. We apply a clustering algorithm for AID and a classification algorithm for MID. The nonlinear adaptive system is trained for running MID and AID in parallel. The proposed parallel system is more lightweight and simple to operate even if the number of incident patterns is increased. Experimental results in the case where false positives are frequently caused show that our method is functional with a recognition rate of attacks less than 10%, while finding the anomaly status. Also, performance evaluation shows that the proposed system can work with reasonable CPU utilization compared with a conventional serial-search-based system.
Keywords :
Internet; parallel processing; pattern clustering; security of data; telecommunication security; Internet; anomaly intrusion detection system; clustering algorithm; lightweight network security incident detection; misuse intrusion detection system; nonlinear adaptive system; parallel system; performance evaluation; serial search based system; Adaptive systems; Clustering algorithms; Data mining; Data security; Databases; Information security; Intrusion detection; Leak detection; Parallel processing; Web and internet services;
Conference_Title :
Network and Parallel Computing Workshops, 2007. NPC Workshops. IFIP International Conference on
Conference_Location :
Liaoning
Print_ISBN :
978-0-7695-2943-1
DOI :
10.1109/NPC.2007.83