DocumentCode
3244918
Title
The Power of Temporal Pattern Processing in Anomaly Intrusion Detection
Author
Al-Subaie, M. ; Zulkernine, Mohammad
Author_Institution
Queen's Univ., Kingston
fYear
2007
fDate
24-28 June 2007
Firstpage
1391
Lastpage
1398
Abstract
A clear deficiency in most of today's anomaly intrusion detection systems (AIDS) is their inability to distinguish between a new form of legitimate normal behavior and a malicious attack based on known previous normal behaviors. This deficiency is known as the lack of generalization ability. The lack of generalization ability of the present AIDS results mainly in two direct consequences. As a first consequence, the current AIDS are capable of detecting neither new sophisticated attacks nor slight variations of known attacks launched against computing systems. The high rate of false positive and false negative alerts generated by the current AIDS is the second consequence. Many research initiatives that utilize machine learning techniques, including neural networks, have been proposed to overcome the lack of generalization. Unfortunately, most of such research initiatives have intrinsically focused on utilizing static techniques that perform structural pattern recognition. Temporal pattern processing techniques have not gained much attention in this arena. In this research, we present a novel anomaly intrusion detection system based on recurrent neural networks (RNN), which is a temporal pattern processing technique. We show that RNN can efficiently discriminate novel intrusive behaviors while recognizing new normal behaviors. Thus, they reduce the false positive and negative alarms, and address the lack of generalization problem associated with the current AIDS. The ability of RNN to generalize normal as well as intrusive behavior outperforms Multilayer Perceptron (MLP) neural network, a structural pattern recognition technique, in a significant way.
Keywords
learning (artificial intelligence); pattern recognition; recurrent neural nets; security of data; anomaly intrusion detection; generalization ability; machine learning techniques; malicious attack; recurrent neural networks; structural pattern recognition; temporal pattern processing; Acquired immune deficiency syndrome; Communications Society; Intrusion detection; Machine learning; Multi-layer neural network; Multilayer perceptrons; Neural networks; Pattern recognition; Recurrent neural networks; Research initiatives;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications, 2007. ICC '07. IEEE International Conference on
Conference_Location
Glasgow
Print_ISBN
1-4244-0353-7
Type
conf
DOI
10.1109/ICC.2007.234
Filename
4288905