neural network approach to improve the alert throughput of a network and making it
attack prohibitive using IDS. For evolving and testing intrusions, the KDD CUP 99
dataset was used. Stefano Zanero proposed a novel architecture which implements
a network-based anomaly detection system using unsupervised learning algorithms.
They described how the pattern recognition features of a self-organizing map
algorithm can be used for intrusion detection purposes on the payload of TCP
network packets.
World Journal of Science and Technology 2012, 2(3):127-133
Liberios Vokorokos presented an IDS and a design architecture for intrusion
detection based on a neural-network self-organizing map. The result of the
designed architecture is a simulation in real conditions.
IDS and AIS Background
This section gives a brief introduction to two distinct fields of study—IDS and
AIS, setting the background to and defining the terminology used in the sections
that follow.
Intrusion Detection System
An IDS constantly monitors actions in a certain environment and decides whether
they are part of a possible hostile attack or a legitimate use of the environment.
The environment may be a computer, several computers connected in a network,
or the network itself. The IDS analyzes various kinds of information about actions
emanating from the environment and evaluates the probability that they are
symptoms of intrusions. Such information includes, for example, configuration
information about the current state of the system, audit information describing the
events that occur in the system (e.g., event log in Windows XP), or network traffic.
Several measures for evaluating IDS have been suggested [12-15]. These measures
include accuracy, completeness, performance, efficiency, fault tolerance,
timeliness, and adaptivity. The more widely used measures are the true positive
(TP) rate, that is, the percentage of intrusive actions (e.g., error-related
pages) detected by the system; the false positive (FP) rate, which is the
percentage of normal actions (e.g., pages viewed by normal users) the system
incorrectly identifies as intrusive; and accuracy, which is the percentage of
alarms found to represent abnormal behavior out of the total number of alarms.
In the current research, the TP, FP, and accuracy measures were adopted to
evaluate the performance of the new methodology. There are IDS that simply
monitor and alert, and there are IDS that perform an action or actions in
response to a detected threat. We will cover each of these briefly.
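The TP rate, FP rate and accuracy measures defined above, computed for a simple threshold detector over a labelled event set. This is an added example, not code from the original text; the detector, the function name evaluate, the anomaly scores and the event counts are all constructed assumptions.

```python
# Added example: TP rate, FP rate and accuracy exactly as this section defines them.
# The threshold detector and every score below are constructed for illustration.

def evaluate(events, threshold):
    """events: (anomaly_score, is_intrusion) pairs; an alarm fires when
    anomaly_score >= threshold. Returns the three measures in percent."""
    tp = fp = fn = tn = 0
    for score, is_intrusion in events:
        alarm = score >= threshold
        if alarm and is_intrusion:
            tp += 1          # intrusive action detected
        elif alarm:
            fp += 1          # normal action flagged as intrusive
        elif is_intrusion:
            fn += 1          # intrusive action missed
        else:
            tn += 1          # normal action left alone

    def pct(part, whole):
        # None marks an undefined ratio (e.g. accuracy when no alarm fired).
        return None if whole == 0 else 100.0 * part / whole

    return {
        "tp_rate": pct(tp, tp + fn),    # detected / all intrusive actions
        "fp_rate": pct(fp, fp + tn),    # flagged / all normal actions
        "accuracy": pct(tp, tp + fp),   # true alarms / all alarms
        "alarms": tp + fp,
    }

# Constructed sample: 10 intrusive actions hidden among 990 normal ones.
INTRUSIVE = [0.95, 0.9, 0.9, 0.85, 0.8, 0.8, 0.7, 0.6, 0.4, 0.3]
NORMAL = [0.1] * 940 + [0.5] * 30 + [0.65] * 15 + [0.85] * 5
SAMPLE_EVENTS = [(s, True) for s in INTRUSIVE] + [(s, False) for s in NORMAL]

if __name__ == "__main__":
    for threshold in (0.6, 0.8, 1.0):
        print(threshold, evaluate(SAMPLE_EVENTS, threshold))
```

At threshold 0.6 the detector catches 80% of the intrusive actions with an FP rate near 2%, yet only about 29% of its alarms are real under the accuracy definition above, because normal actions far outnumber intrusive ones in the sample.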