A hybrid artificial neural network model (hop field-som with conscience)‎ for effective network intrusion detection system

مقدم أطروحة جامعية

al-Rashdan, Wisam Kurdi Ayid

مشرف أطروحة جامعية

Naum, Riyad Shakir

أعضاء اللجنة

al-Shaykh, Asim A. R.
al-Dabbas, Umar Ṣuhaib
Kanan, Raid Karim

الجامعة

الأكاديمية العربية للعلوم المالية و المصرفية

الكلية

كلية نظم و تكنولوجيا المعلومات

القسم الأكاديمي

قسم نظم المعلومات الحاسوبية

دولة الجامعة

الأردن

الدرجة العلمية

دكتوراه

تاريخ الدرجة العلمية

2011

الملخص الإنجليزي

The main function of any Intrusion Detection Systems is to protect the system, analyze and predict the behaviors of users.

As the number of attacks has been increased and their intrusion behaviors cause a great damage of systems, developing a fast and robust Intrusion Detection System becomes a necessity.

In this research work, we build four methods through four experiments and then we choose the more accrued one.

We study the possible use of the Hybrid Artificial Neural Networks (supervised and unsupervised) learning capabilities to classify and / or detecting network intrusions from the KDDCup'99 dataset, the intrusion detection problem is considered as a pattern recognition one, the Artificial Neural Network must learn to differentiate between normal and abnormal patterns (DoS, Prob., R2L, U2R) very well.

Since Artificial Neural Networks suffers from the high computation intensity and the long training cycles, we propose a new learning schema consisting of three cooperative phases by using an 1- Enhanced k-means clustering algorithm in Phase-1 "clustering phase", a Hybrid Artificial Neural Network (Hopfield and Coonan-SOM with Conscience Function) in Phase-2 "training phase" and a Multi-Class Support Vector Machines (5-Classes) in Phase-3 "testing phase", in order to enhance False positive Rate, Error Rate and Accuracy Rate and to get a new generation of vectors that we can add to the training dataset.

This technique is independent of the dataset and structures employed, and can be used with any real values training dataset because our proposed system includes a data preprocessing unit.

Our proposed system is shown to be capable of learning attacks and normal behaviors from the training data and make accurate predictions on the test data.

According to the obtained results, it can be asserted that substantial improvements of the Intrusion Detection Systems performance are feasible, even if other classification methods can perform better.

In terms of future work, more work must be performed to find an optimal way to determine the number of used clusters, most significant feature and selected samples of each class.

A statistical study of the information distribution in each class seems to be a good appropriate approach.

The experiments will compare the results with different methods and show that method-D and Support Vector Machine schema could improve the False Positive Rate, Error Rate and Accuracy.

التخصصات الرئيسية

تكنولوجيا المعلومات وعلم الحاسوب

الموضوعات

• الشبكات العصبية(الحاسبات الإلكترونية)

عدد الصفحات

163

قائمة المحتويات

• APA
• MLA
• AMA

لغة النص

الإنجليزية

نوع البيانات

رسائل جامعية

رقم السجل

BIM-306727