The Power of Temporal Pattern Processing in Anomaly Intrusion Detection

2 Author(s)
M. Al-Subaie ; Queen's Univ., Kingston ; M. Zulkernine

A clear deficiency in most of today's anomaly intrusion detection systems (AIDS) is their inability to distinguish between a new form of legitimate normal behavior and a malicious attack based on known previous normal behaviors. This deficiency is known as the lack of generalization ability. The lack of generalization ability of the present AIDS has two main direct consequences. First, the current AIDS are capable of detecting neither new sophisticated attacks nor slight variations of known attacks launched against computing systems. Second, the current AIDS generate a high rate of false positive and false negative alerts. Many research initiatives that utilize machine learning techniques, including neural networks, have been proposed to overcome the lack of generalization. Unfortunately, most of these research initiatives have intrinsically focused on static techniques that perform structural pattern recognition. Temporal pattern processing techniques have not gained much attention in this arena. In this research, we present a novel anomaly intrusion detection system based on recurrent neural networks (RNN), a temporal pattern processing technique. We show that RNN can efficiently discriminate novel intrusive behaviors while recognizing new normal behaviors. Thus, they reduce the false positive and false negative alarms and address the lack of generalization problem associated with the current AIDS. The ability of RNN to generalize normal as well as intrusive behavior significantly outperforms that of the Multilayer Perceptron (MLP) neural network, a structural pattern recognition technique.

Published in:

2007 IEEE International Conference on Communications

Date of Conference:

24-28 June 2007