Intrusion Detection System Based on Pattern Recognition.

Abstract

Artificial intelligence has been developed to be able to solve difficult problems that involve huge amounts of data and that require rapid decision-making in most branches of science and business. Machine learning is one of the most prominent areas of artificial intelligence, which has been used heavily in the last two decades in the field of network security, especially in Intrusion Detection Systems (IDS). Pattern recognition is a machine learning method applied in medical applications, image processing, and video processing. In this article, two layers' IDS is proposed. The first layer classifies the network connection according to the used service. Then, a minimum number of features that optimize the detection accuracy of malicious activities on that service are identified. Using those features, the second layer classifies each network connection as an attack or normal activity based on the pattern recognition method. In the training phase, two multivariate normal statistical models are created: the normal behavior model and the attack behavior model. In the testing and running phases, a maximum likelihood estimation function is used to classify a network connection into attack or normal activity using the two multivariate normal statistical models. The experimental results prove that the proposed IDS has superiority over related IDSs for network intrusion detection. Using only four features, it successfully achieves DR of 97.5%, 0.001 FAR, MCC 95.7%, and 99.8% overall accuracy.