    Abstract:

    As Internet bandwidth increases at an exponential rate, it is impossible to keep up with network speeds just by increasing processor speed. Complex intrusion detection methods add further pressure on network intrusion detection system (NIDS) platforms, and the continuously increasing speed and throughput of networks pose new challenges to NIDS. To make NIDS effective on Gigabit Ethernet, the ideal policy is to use a load balancer to split the traffic and forward the slices to different detection sensors, which analyze them in parallel. If the load balancer is required to ensure that each slice contains all the evidence necessary to detect a specific attack, its design becomes complicated and it becomes a new bottleneck of the NIDS. To simplify the load balancer, this paper puts forward a distributed neural network learning algorithm. With this learning algorithm, a large data set can be split randomly and each slice is handled by an independent neural network in parallel. The first experiment tests the algorithm's learning ability on the circle-in-the-square benchmark and compares it with ARTMAP (adaptive resonance theory supervised predictive mapping) and BP (back propagation) neural networks; the second experiment is performed on the KDD'99 data set, a standard intrusion detection benchmark. Comparisons with other approaches on the same benchmark show that it can perform detection at a high detection speed and low false alarm rate.

Get Citation

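Liu Yanheng, Tian Daxin, Yu Xuegang, Wang Jian. Large-scale network intrusion detection algorithm based on distributed learning. Journal of Software, 2008, 19(4):993-1003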

History
  • Received: March 29, 2007
  • Revised: June 14, 2007