A novel intrusion detection mode based on understandable neural network trees

Abstract

Several data mining techniques such as Hidden Markov Model (HMM), artificial neural network, statistical techniques and expert systems are used to model network packets in the field of intrusion detection. In this paper a novel intrusion detection mode based on understandable Neural Network Tree (NNTree) is presented. NNTree is a modular neural network with the overall structure being a Decision Tree (DT), and each non-terminal node being an Expert Neural Network (ENN). One crucial advantage of using NNTrees is that they keep the non-symbolic model ENN’s capability of learning in changing environments. Another potential advantage of using NNTrees is that they are actually “gray boxes” as they can be interpreted easily if the number of inputs for each ENN is limited. We showed through experiments that the trained NNTree achieved a simple ENN at each non-terminal node as well as a satisfying recognition rate of the network packets dataset. We also compared the performance with that of a three-layer backpropagation neural network. Experimental results indicated that the NNTree based intrusion detection model achieved better performance than the neural network based intrusion detection model.