Affiliation:
1. School of Electrical Engineering, Belgrade
Abstract
Computer systems and networks face a rapid increase in attacks, and keeping
them safe from malicious activity and policy violations requires effective
security monitoring systems, such as Intrusion Detection Systems (IDS). Many
researchers concentrate their efforts on this area, using different
approaches to build reliable intrusion detection systems. Flow-based
intrusion detection systems are one such approach; they rely on aggregated
flow statistics of network traffic. Their main advantages are host
independence and usability on high-speed networks, since the metrics may be
collected by network device hardware or standalone probes. In this paper, a
flow-based intrusion detection system using two neural network stages is
proposed for detecting and classifying attacks in network traffic. The first
stage detects significant changes in the traffic that could indicate a
potential attack, while the second stage determines whether a known attack is
present and, if so, classifies its type. The first stage is crucial for
selecting time windows where attacks, known or unknown, are more probable.
Two different neural network structures have been used, multilayer and radial
basis function networks, with the aim of comparing performance, memory
consumption and the time required for network training.
The experimental results demonstrate that the designed models are promising
in terms of accuracy and computational time, with low probability of false
alarms.
Publisher
National Library of Serbia
Cited by
31 articles.