An integrated intrusion detection system by using multiple neural networks

Abstract

Neural networks approach is one of the most promising methodologies for intrusion detection in network security. An integrated intrusion detection system (IIDS) scheme based on multiple neural networks is proposed. The approaches used in IIDS include principal component neural networks, growing neural gas networks and principal component self-organizing map networks. By the abilities of classification and clustering analysis of the above methods, IIDS can be adapted to both anomaly and misuse detections for intrusive outsiders. The training stage is a mixture of supervised manner and unsupervised one. Furthermore, IIDS uses the buffering and spoofing principles of address resolution protocol (ARP) to capture and refuse the insider intruders trying to log on a local area network (LAN). Therefore, IIDS is able to detect the intrusions/attacks both from the outer Internet and an inner LAN. Experiments are carried out to illustrate the performance of the proposed intrusion detection system by using the KDD CUP 1999 Intrusion Detection Evaluation dataset.