DocumentCode :
3007827
Title :
What defines an intruder? An intelligent approach
Author :
Lugo-Cordero, Hector M. ; Guha, Ratan K.
Author_Institution :
Dept. of Electr. Eng. & Comput. Sci., Univ. of Central Florida, Orlando, FL, USA
fYear :
2013
fDate :
16-19 April 2013
Firstpage :
31
Lastpage :
36
Abstract :
All attacks in a computer network begin with an intruder's action of affecting the services provided to legitimate users. Hence, intrusion detection is vital for preserving integrity, confidentiality, and availability in a computer network. Intrusion detection faces many challenges, such as the need for a large amount of data to discriminate between intruders and non-intruders, and the overlapping of user behavior with that of the intruders. This paper aims to target both of these challenges, by employing a distributed intrusion prevention system based on the Binary Particle Swarm Optimization (BPSO) and Probabilistic Neural Network (PNN) algorithms. Such a system is capable of: 1) locally classifying actions as intruder or non-intruder type, and 2) consulting neighbors for casting a majority vote, upon finding high ambiguity on a decision. The algorithm uses an evolutionary computation approach to select the best features that can help classify intruders, while using fewer amounts of data. Furthermore, the approach uses concepts from semi-supervised learning to improve and adapt over time, to any network infrastructure. To demonstrate the viability of the proposed approach, a random set of data has been selected from the KDD-99 dataset. Such a set contained capture data from both users and attackers. Results have been compared with traditional data mining algorithms from previous work, demonstrating that such a system can have high accuracy, while maintaining a low false alarm rate.
Keywords :
computer network security; learning (artificial intelligence); neural nets; particle swarm optimisation; pattern classification; BPSO; KDD-99 dataset; PNN; binary particle swarm optimization; computer network availability; computer network confidentiality; computer network integrity; distributed intrusion prevention system; evolutionary computation approach; intelligent approach; intruder classification; intruder definition; intrusion detection; probabilistic neural network; semi-supervised learning; Accuracy; Data mining; Feature extraction; Intrusion detection; Particle swarm optimization; Probabilistic logic; Testing; Intelligent Networks; Intrusion Detection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computational Intelligence in Cyber Security (CICS), 2013 IEEE Symposium on
Conference_Location :
Singapore
Type :
conf
DOI :
10.1109/CICYBS.2013.6597202
Filename :
6597202