Network-Based Anomaly Detection Using an Elman Network

  • Conference paper
Networking and Mobile Computing (ICCNMC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3619)

Abstract

An intrusion detection model based on an Elman network is proposed to detect anomalies in network traffic. The model applies an Elman network to anomaly detection in order to provide the detector with an internal memory and therefore the necessary dynamic characteristics. Unlike existing applications of artificial neural networks to intrusion detection, which extract a set of attributes from only the packet headers and discard the packet payload, the present model adopts the concept of clustering the payload to alleviate information loss by retaining part of the information related to the packet payload. The model has been applied to the DARPA IDS Evaluation dataset, and the results demonstrate that, with these two unique features, the model can identify not only intra-packet anomalies but also inter-packet sequence anomalies.

This work is supported by the National Natural Science Foundation of China under grant No. 90412010.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cheng, E., Jin, H., Han, Z., Sun, J. (2005). Network-Based Anomaly Detection Using an Elman Network. In: Lu, X., Zhao, W. (eds) Networking and Mobile Computing. ICCNMC 2005. Lecture Notes in Computer Science, vol 3619. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11534310_51

  • DOI: https://doi.org/10.1007/11534310_51

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28102-3

  • Online ISBN: 978-3-540-31868-2

  • eBook Packages: Computer Science, Computer Science (R0)
