Large-scale network intrusion detection based on distributed learning algorithm

Cited by: 9
Authors
Tian, Daxin [1]
Liu, Yanheng [1]
Xiang, Yang [2]
Affiliations
[1] Jilin Univ, Coll Comp Sci & Technol, Changchun 130012, Peoples R China
[2] Cent Queensland Univ, Sch Management & Informat Syst, Rockhampton, Qld 4702, Australia
Funding
National Natural Science Foundation of China; National Research Foundation, Singapore
Keywords
Intrusion detection system; Distributed learning; Neural network; Network behavior; NEURAL-NETWORK;
DOI
10.1007/s10207-008-0061-2
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
As network traffic bandwidth is increasing at an exponential rate, it's impossible to keep up with the speed of networks by just increasing the speed of processors. Besides, increasingly complex intrusion detection methods only add further to the pressure on network intrusion detection (NIDS) platforms, so the continuously increasing speed and throughput of networks pose new challenges to NIDS. To make NIDS usable in Gigabit Ethernet, the ideal policy is to use a load balancer to split the traffic data and forward those to different detection sensors, which can analyze the split data in parallel. In order to make each slice contain all the evidence necessary to detect a specific attack, the load balancer design must be complicated, and it becomes a new bottleneck of NIDS. To simplify the load balancer, this paper puts forward a distributed neural network learning algorithm (DNNL). Using DNNL, a large data set can be split randomly and each slice of data is presented to an independent neural network; these networks can be trained in distribution and each one in parallel. Completeness analysis shows that DNNL's learning algorithm is equivalent to training by one neural network which uses the technique of regularization. The experiments to check the completeness and efficiency of DNNL are performed on the KDD'99 Data Set, which is a standard intrusion detection benchmark. Compared with other approaches on the same benchmark, DNNL achieves a high detection rate and low false alarm rate.
Pages: 25-35
Number of pages: 11