  • DocumentCode
    3512706
  • Title
    Octopus-IIDS: An anomaly based intelligent intrusion detection system
  • Author
    Mafra, Paulo M. ; Moll, Vinicius ; Da Silva Fraga, Joni ; Santin, Altair Olivo
  • Author_Institution
    Autom. & Syst. Dept. (DAS), Fed. Univ. of Santa Catarina (UFSC), Florianopolis, Brazil
  • fYear
    2010
  • fDate
    22-25 June 2010
  • Firstpage
    405
  • Lastpage
    410
  • Abstract
    The intrusion detection systems (IDS) are designed to identify unwanted attempts at manipulating, accessing or disabling of computer systems, mainly through a network, such as the Internet. Additionally, the IDSs can perform other functions like intrusion prevention (IPS), including proactive functions. A recurrent problem in intrusion detection systems is the difficulty to distinguish legitimate access from attacks. A lot of conventional IDSs are signature based, although they do not identify variations of these attacks nor new attacks. This paper presents an intrusion detection system model based on the behavior of network traffic through the analysis and classification of messages. Two artificial intelligence techniques named Kohonen neural network (KNN) and support vector machine (SVM) are applied to detect anomalies. These techniques are used in sequence to improve the system accuracy, identifying known attacks and new attacks, in real time. The paper also makes an analysis of the features used to classify data in order to define which of them are really relevant for each class of attack defined in our experiments.
  • Keywords
    Artificial neural networks; Detectors; Intrusion detection; Neurons; Probes; Support vector machines; Training; Artificial Neural Network; Internet Security; Intrusion Detection System; Support Vector Machine
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computers and Communications (ISCC), 2010 IEEE Symposium on
  • Conference_Location
    Riccione, Italy
  • ISSN
    1530-1346
  • Print_ISBN
    978-1-4244-7754-8
  • Type
    conf
  • DOI
    10.1109/ISCC.2010.5546735
  • Filename
    5546735