Instantaneous Intrusion Detection System

Abstract

The security of computer networks is a critical issue. Deficiencies within these networks makes them venerable to malicious actions that compromise the integrity, confidentiality or availability of the resources. The major problems with current intrusion detection systems (IDS) is the speed and accuracy of detection. The current neural network based intrusion detection systems requires offline training and are unable to detect new or unknown attacks in real time. In our thesis we present a faster neural network based hybrid intrusion detection system which can detect known and unknown patterns in real time. The hybrid system utilizes the CC4 instantaneously trained neural network as an anomaly based IDS to detect unknown class of attacks and a two layered feed forward neural network as a misuse based IDS to detect known attacks, Furthermore, the hybrid system classifies attacks into classes. The hybrid IDS has three components, a CC4 IDS which is used as an anomaly based IDS to detect unknown attacks, a two-layer feed-forward Levenberg-Marquardt training algorithm based IDS which is used as a misuse base IDS and the Post Processing Unit. The outputs of the respective IDSs are processed at the Post Processing Unit and based on the output the class of attack is determined. Results shows the hybrid system is capable of detecting known attacks class with 90-92% accuracy and with less than 3% of false positive and false negative rates. The hybrid system detects new or unknown attacks with an accuracy of 80-83%. The hybrid system is also able to detect new attacks in 1 iteration, thereby making it applicable for real time intrusion detection.