Artificial Intrusion Detection System Based On Anomaly Detection

Posted on: 2006-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: D X Tian
GTID: 2168360155452992
Subject: Computer application technology
Abstract/Summary:
With the development of computers and computer networks, network-based computer systems play increasingly vital roles in modern society. In addition to intrusion prevention techniques, such as user authentication and authorization, encryption, and defensive programming, intrusion detection is often used as another wall to protect computer systems. The intrusion detection field has grown considerably in the last few years, and a large number of intrusion detection systems (IDS) have been developed to address different needs. Intrusion detection is clearly necessary with the growing number of computer systems being connected to networks.

Intrusion detection techniques can be classified into two categories: misuse detection and anomaly detection. Misuse detection looks for signatures of known attacks, and any matched activity is considered an attack. It uses patterns of known attacks or weak spots of the system to match and identify known intrusions. Misuse detection can detect known attacks effectively, though it usually cannot accommodate unknown attacks. Anomaly detection models a user's behaviors, and any significant deviation from the normal behaviors is considered the result of an attack.

In this paper, we present a new system based on an artificial neural network for detecting network intrusions. Clustering is a major tool used in a number of applications, such as analyzing gene expression data, data mining, image processing, web mining, hypothesis generation, hypothesis testing, prediction based on groups and so on. The competitive learning neural network is the main method for clustering analysis. To solve the problems in the competitive layer, an added and deleted competitive neural network is proposed in this paper. Its unsupervised learning method is based on the Hebbian postulate, and a new competitive learning method is adopted. The main idea of learning is that the similarity level decides the rewarded and penalized rate. To overcome the dead-unit problem, it adds a new neuron when it is necessary to constitute a new cluster. After learning, another important task is detecting whether there are wrong clusters: if it finds one, it deletes the cluster and combines its elements with the cluster that is most similar to the wrong cluster, and thus the result of clustering is more accurate.

Since network packets are layered, we use adaptive resonance theory to study the packets, and a similar Hamming distance method is adopted in the detection, which is effective in reducing false positive errors and false negative errors. The bottleneck of the packet filter method arises because a large number of filter rules need to be checked. In this paper a fast matching algorithm...
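The add-and-delete clustering idea described in the abstract, as an added sketch that is not code from the thesis: neurons are added when no existing one is similar enough, the winner is rewarded and the runner-up penalized at similarity-scaled rates, and sparse clusters are deleted and merged. The similarity measure, the thresholds and rates, the "too few members" test for a wrong cluster, and the sample vectors are all assumptions.

```python
import math

def similarity(x, w):
    """Assumed measure: Euclidean distance mapped into (0, 1]."""
    return 1.0 / (1.0 + math.dist(x, w))

def most_similar(v, ws):
    return max(range(len(ws)), key=lambda i: similarity(v, ws[i]))

def train(data, vigilance=0.5, reward=0.5, penalty=0.05, epochs=5):
    """Competitive learning that adds a neuron when no existing one is similar enough."""
    weights = [list(data[0])]
    for _ in range(epochs):
        for x in data:
            sims = [similarity(x, w) for w in weights]
            order = sorted(range(len(weights)), key=sims.__getitem__, reverse=True)
            win = order[0]
            if sims[win] < vigilance:        # nothing close enough: start a new cluster
                weights.append(list(x))
                continue
            # Winner moves toward x, runner-up moves away; both rates scale with similarity.
            moves = [(win, reward)] + [(r, -penalty) for r in order[1:2]]
            for idx, step in moves:
                weights[idx] = [w + step * sims[idx] * (xi - w) for w, xi in zip(weights[idx], x)]
    return weights

def prune(data, weights, min_size=2):
    """Delete neurons owning fewer than min_size samples (assumed 'wrong cluster' test)
    and merge their members into the cluster most similar to the deleted one."""
    owner = [most_similar(x, weights) for x in data]
    keep = [i for i in range(len(weights)) if owner.count(i) >= min_size]
    if not keep:                              # nothing survives: leave the model unchanged
        return weights, owner
    kept = [weights[i] for i in keep]
    labels = [keep.index(o) if o in keep else most_similar(weights[o], kept) for o in owner]
    return kept, labels

def is_anomaly(x, weights, vigilance=0.5):
    """Flag a sample that no learned cluster of normal behaviour resembles."""
    return max(similarity(x, w) for w in weights) < vigilance

# Constructed, pre-scaled 2-D feature vectors (not data from the thesis).
NORMAL_A = [(0.0, 0.0), (0.2, 0.1), (0.1, 0.3), (0.3, 0.2)]
STRAY = [(1.4, 1.3)]
NORMAL_B = [(5.0, 5.0), (5.2, 5.1), (5.1, 4.8), (4.9, 5.2)]
DATA = NORMAL_A + STRAY + NORMAL_B

if __name__ == "__main__":
    kept, labels = prune(DATA, train(DATA))
    print(len(kept), labels, is_anomaly((9.0, 0.0), kept))
```

With these values the stray training point first gets its own neuron, which is then deleted and its member merged into the nearest normal cluster, so a single outlier in the training data does not become part of the normal profile.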
Keywords/Search Tags: Artificial