research centers


Search results: Found 1

Listing 1 - 1 of 1
Sort by

Article
Development an Anomaly Network Intrusion Detection System Using Neural Network

Authors: Elaf Sabah Abbas --- Hamid M. Ali --- Kais Said Al-Sabbagh
Journal: Journal of Engineering مجلة الهندسة ISSN: 17264073 25203339 Year: 2012 Volume: 18 Issue: 12 Pages: 1325-1334
Publisher: Baghdad University جامعة بغداد

Loading...
Loading...
Abstract

Most intrusion detection systems are signature based that work similar to anti-virus but they are unable to detect the zero-day attacks. The importance of the anomaly based IDS has raised because of its ability to deal with the unknown attacks. However smart attacks are appeared to compromise the detection ability of the anomaly based IDS. By considering these weak points the proposed system is ‎developed to overcome them.‎The proposed system is a development to the well-known payload anomaly detector (PAYL). By combining two stages with the PAYL ‎detector, it gives good detection ability and acceptable ratio of false ‎positive. The proposed system improve the models recognition ability in the ‎PAYL detector, for a filtered unencrypted HTTP subset traffic of ‎DARPA 1999 data set, from 55.234% in the PAYL system alone to ‎‎99.94% in the proposed system; due to the existence of the neural ‎network self-organizing map (SOM). In addition SOM decreases the ‎ratio of false positive from 44.676% in the PAYL system alone to ‎‎5.176% in the proposed system.The proposed system provides 80% detection ability of smart worms that are meant to invade the PAYL detector in the PAYL system alone, due to the existence of the randomization stage in the proposed system.

معظم ال(Intrusion Detection Systems)هي من نوع (Signature based) والتي تعمل بشكل مشابه الى مضادات الفايروسات ولكنها غير قادرة على التعرف على الهجمات التى تظهر لاول مره (الهجمات غير المدرجه في قاعده بياناتها) وقد ظهرت اهميه ال(anomaly based IDS) .تم تطوير النظام المقترح للتغلب على نقاط الضعف المذكوه سابقا.النظام المقترح هو تطوير الى نظام ال (PAYL) المعروف. بدمج مرحلتين مع كاشف ال(PAYL) يتم الحصول على قدره كشف جيده ونسبه ايجابيه كاذبه (False positive) الى 99.94% في النظام المقترح ، نتيجه لوجود الشبكه العصبيه. وكذلك قلل وجود ال (SOM) ال (False positive) من 44.676% في ال (PAYL system alone ) الى 5.176% في النظام المقترح .بسبب وجود مرحلة ال (randomization ) اظهر النظام المقترح قابليه على اكتشاف ال (smart worms) والمصممه لغزو كاشف ال ( PAYL) في ال (PAYL system alone ) بنسبة 80%.

Listing 1 - 1 of 1
Sort by
Narrow your search

Resource type

article (1)


Language

Arabic and English (1)


Year
From To Submit

2012 (1)