Neural Network based Intrusion Detection Systems

Recent Intrusion Detection Systems (IDSs) which are used to monitor real-time attacks on computer and network systems are still faced with problems of low detection rate, high false positive, high false negative and alert flooding. This paper present a Neural Network-based approach that combined supervised and unsupervised learning techniques designed to correct some of these problems. The design is divided into two phases namely: Training and Detection. In the training phase, Multiple Self–Organizing Map algorithm (SOM) was constructed to capture a number of different input patterns, discover significant features in these patterns and learn how to classify input. Sigmoid Activation Function (SAF) was used to transform the input into a reasonable value (0, 1). The learning weights were randomly assigned in the range (-1, +1) to obtain the output consistent with the training. SAF was represented using a hyperbolic tangent in order to increase the learning speed and make learning efficient. Momentum and adaptive learning rates were introduced to significantly improve the performance of the back-propagation neural network. The trained lattice of neuron was used as input in the back propagation for the real-time monitoring and detection of intrusive activities. The design was implemented in Visual Basic.Net. An evaluation was carried out using Network Traffic data collected from Defence Advanced Research Projects Agency dataset consisting of normal and intrusive traffic. The training model was performed by means of Root Mean Square (RMS) error analysis using learning rate of 0.70, 4 input layers, 8 hidden layers and 2 output layers. The evaluation result of the new design showed a promising and improved technique when compared with the recent and best known related work.