Call for Paper - January 2015 Edition
IJCA solicits original research papers for the January 2015 Edition. Last date of manuscript submission is December 20, 2014. Read More

A Review of Anomaly based Intrusion Detection Systems

Print
PDF
International Journal of Computer Applications
© 2011 by IJCA Journal
Number 7 - Article 5
Year of Publication: 2011
Authors:
V. Jyothsna
V. V. Rama Prasad
10.5120/3399-4730

V Jyothsna and Rama V V Prasad. Article: A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications 28(7):26-35, August 2011. Full text available. BibTeX

@article{key:article,
	author = {V. Jyothsna and V. V. Rama Prasad},
	title = {Article: A Review of Anomaly based Intrusion Detection Systems},
	journal = {International Journal of Computer Applications},
	year = {2011},
	volume = {28},
	number = {7},
	pages = {26-35},
	month = {August},
	note = {Full text available}
}

Abstract

With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on the systems. High detection rate of 98% at a low alarm rate of 1% can be achieved by using these techniques. Though anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. As a variety of anomaly detection techniques were suggested, it is difficult to compare the strengths, weaknesses of these methods. The reason why industries don’t favor the anomaly-based intrusion detection methods can be well understood by validating the efficiencies of the all the methods. To investigate this issue, the current state of the experiment practice in the field of anomaly-based intrusion detection is reviewed and survey recent studies in this. This paper contains summarization study and identification of the drawbacks of formerly surveyed works.

Reference

  • M. Bahrololum and M. Khaleghi, “Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model” IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.8, August 2008
  • Jiankun Hu and Xinghuo Yu, “A Simple and Efficient Hidden Markov Model Scheme for Host-Based Anomaly Intrusion Detection” IEEE Network Journal, Volume 23 Issue 1, January/February 2009
  • R. Nakkeeran, T. Aruldoss Albert and R.Ezumalai, “Agent Based Efficient Anomaly Intrusion Detection System in Ad-hoc networks” IACSIT International Journal of Engineering and Technology Vol. 2, No.1, February, 2010
  • Jiong Zhang and Mohammad Zulkernine, “Anomaly Based Network Intrusion Detection with Unsupervised Outlier Detection” IEEE International Conference on Communications, 2006.
  • Ahmed Awad E. Ahmed, and Issa Traore, “Anomaly Intrusion Detection based on Biometrics”, IEEE Workshop on Information Assurance 2005
  • Vijay Bhuse, Ajay Gupta, “Anomaly Intrusion Detection in Wireless Sensor Networks” ACM Journal of High Speed Networks, 2006
  • Hossein M. Shirazi,”Anomaly Intrusion Detection System Using Information Theory, K-NN and KMC Algorithms”, Australian Journal of Basic and Applied Sciences, 3(3): 2581-2597, 2009
  • Dayu Yang, Alexander Usynin, and J. Wesley Hines, “Anomaly-Based Intrusion Detection for SCADA Systems” IAEA Technical Meeting on Cyber Security of NPP I&C and Information systems, Idaho Fall, ID, Oct. 2006
  • M.Thangavel, Dr. P.Thangaraj and K.Saravanan, “Defend against Anomaly Intrusion Detection using SWT Mechanism” IACSIT, 2010
  • Miao Wang, Cheng Zhang and Jingjing, “Native API Based Windows Anomaly Intrusion Detection Method Using SVM” IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006
  • Manikopoulos.C and Papavassiliou.S, “Network Intrusion and Fault Detection: A Statistical Anomaly Approach” IEEE Communications, 2002. 12Jeyanthi Hall, Michel Barbeau, Evangelos Kranakis, “Using Mobility Profiles for Anomaly-based Intrusion Detection in Mobile Networks” IEEE Conference, 2005.
  • Hazem M. El-Bakry, Nikos MastorakisA, “Real-Time Intrusion Detection Algorithm for Network Security,WSEAS Transactions on communications, Issue 12, Volume 7, December 2008.
  • Debar.H, Dacier.M and Wespi.A, “A Revised Taxonomy of Intrusion-Detection Systems” Annales des Telecommunications 55(7–8) (2000) 361–378
  • Allen.J, Christie.A, Fithen.W, McHugh.J, Pickel.J, Stoner.E, “State of the practice of intrusion detection technologies” Technical Report CMU/SEI-99TR- 028, Carnegie-Mellon University - Software Engineering Institute (2000).
  • Roesch.M, “Snort - Lightweight Intrusion Detection for Networks” 13th USENIX Conference on System Administration, USENIX Association (1999) 229–238
  • Sourcefire: Snort Network Intrusion Detection System web site (1999) URL http://www.snort.org.
  • Wang. K and Stolfo.S.J, “Anomalous Payload-Based Network Intrusion Detection” 7th Symposium on Recent Advances in Intrusion Detection, Volume 3224 of LNCS., Springer-Verlag (2004) 203–222
  • Bolzoni.D, Zambon.E., Etalle.S, Hartel.P, “POSEIDON: a 2-tier Anomaly based Network Intrusion Detection System”IEEE International Workshop on Information Assurance, IEEE Computer Society Press (2006) 144–156.
  • B. Pfahringer, "Winning the KDD99 Classification Cup: Bagged Boosting," in SIGKDD Explorations, 2000.
  • I. Levin, "KDD-99 Classifier Learning Contest: LLSoft’s Results Overview" SIGKDD Explorations, 2000.
  • V. Miheev, Vopilov.A and Shabalin.I., "The MP13 Approach to the KDD’99 Classifier Learning Contest" SIGKDD Explorations, 2000.
  • Y. Freund, Schapire.R. , "Experiments with a new boosting algorithm" Thirteenth International Conference on Machine Learning, Italy, 1996.
  • Q. Yang, Li, F., "Support Vector Machine for Intrusion Detection Based on LSI Feature Selection," Intelligent Control and Automation, WCICA, 2006.
  • 25 J. C. Platt, "Sequential minimal optimization: A fast algorithm for training support vector machines" Advances in Kernel Method: Support Vector Learning, 1998.
  • F. E. Osuna, R., Girosi, F., "Improved training algorithm for support vector machines," IEEE NNSP’97, 1997.
  • Y. Yao, Wei, Y., Gao, F.X., Yu, G. , "Anomaly Intrusion Detection Approach Using Hybrid MLP/CNN Neural Network," Sixth International Conference on Intelligent Systems Design and Applications (ISDA'06) Washington, DC, USA 2006.
  • 28A. Zaknich, "Introduction to the modified probabilistic neural network for general signal processing applications" IEEE Transactions on Signal Processing, vol. 46, 1998.
  • D. F. Specht, "Probabilistic Neural Network," International Journal of Neural Networks, vol. 3, pp. 109-118, 1990
  • L. Khan, M. Awad, B. Thuraisingham, “A new intrusion detection system using support vector machines and hierarchical clustering,” The International Journal on Very Large Data Bases, vol. 15,Issue 4, October 2007
  • Min Yang, Da-peng Chen, Xiao-Song Zhang, “Anomaly Detection Based On Contiguous Expert Voting Algorithm” IEEE,2009
  • Vasilis A. Sotiris, Peter W. Tse, and Michael G. Pecht, “Anomaly Detection Through a Bayesian Support Vector Machine” IEEE Transactions on Reliability, June 2010.
  • Zhenghong Xiao, Chuling Liu, Chaotian Chen, “An Anomaly Detection Scheme Based on Machine Learning for WSN” IEEE International Conference on Information Science and Engineering,2009
  • Yunlu Gong; Mabu, S.; Ci Chen; Yifei Wang; Hirasawa, K, “Intrusion detection system combining misuse detection and anomaly detection using Genetic Network Programming” ICCAS-SICE, 2009
  • Li-li Liu and Yuan Liu, “ MQPSO Based on Wavelet Neural Network for Network Anomaly Detection” 5th International Conference on Wireless Communications, Networking and Mobile Computing, 2009.
  • Jian Xu Jing You Fengyu Liu, “A fuzzy rules based approach for performance anomaly detection” IEEE 2005.
  • D. Dasgupta, “Artificial Immune Systems and Their Applications” Springer, 1999
  • S. A. Hofmeyr, S. Forrest, “Architecture for an artificial immune system” IEEE Trans. on Evolutionary Computation, vol. 8, N4, 2000, pp. 443-473
  • Sokolov, A.M., Int. Res. & Training Center of Informational Technol. & Syst., Kiev, Ukraine, Proceedings of the International Joint Conference on Neural Networks, 2003
  • E. Hart, P. Ross, J. Nelson, “Producing robust schedules via an artificial immune system” IEEE International Conference on Evolutionary Computing, May 1998, pp. 464-469
  • D. Dasgupta, ”An artificial immune system as a multiagent decision support system” IEEE International Conference on Systems, Man and Cybernetics, Oct. 1998, pp. 3816-3820
  • A. Gardner, A. Krieger, G. Vachtsevanos, and B. Litt, “One-class novelty detection for seizure analysis from intracranial EEG,” J. Machine Learning Research (JMLR), vol. 7, pp. 1025–1044, Jun. 2006
  • D. Barbar´a, C. Domeniconi and J. Rogers, “Detecting outliers using transduction and statistical testing” ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), Philadelphia, PA, Aug. 2003.
  • J. Ma and S. Perkins, “Online novelty detection on temporal sequences” ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), Washington, DC, Aug. 2003.
  • A. Ihler, J. Hutchins, and P. Smyth, “Adaptive event detection with time-varying Poisson processes” ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining (KDD), Philadelphia, PA, Aug. 2006.
  • A. Munoz and J. Moguerza, “Estimation of high-density regions using one-class neighbor machines” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 28, no. 3, pp. 476–480, Mar. 2006.
  • L. N. de Castro, F. J. Von Zuben, “Learning and Optimization Using the Clonal Selection Principle” IEEE Transactions on Evolutionary Computation, vol. 6, No3, June 2002, pp. 239-251
  • Jeyanthi Hall , Michel Barbeau , Evangelos Kranakis, “Anomaly-based intrusion detection using mobility profiles of public transportation users” IEEE Wireless and Mobile Computing, Networking and Communications 2005
  • Ramkumar Chinchani, Aarthie Muthukrishnan, Madhusudhanan Chandrasekaran and Shambhu Upadhyaya, “RACOON: Rapidly Generating User Command Data for Anomaly Detection from Customizable Templates” 20th Conference of IEEE Computer Society, 2004
  • Wei Wang; Xiaohong Guan; Xiangliang Zhang, “Profiling program and user behaviors for anomaly intrusion detection based on non-negative matrix factorization” 43rd IEEE Conference on Decision and Control, 2004. Issue Date: 14-17 Dec. 2004, On page(s): 99 - 104 Vol.1
  • Tich Phuoc Tran, Pohsiang Tsai, Tony Jan, “A Multi-expert Classification Framework with Transferable Voting for Intrusion Detection” Seventh International Conference on Machine Learning and Applications Publisher, IEEE Computer Society,2008.