DoS attacks intelligent detection using neural networks

Abstract

The potential damage to computer networks keeps increasing due to a growing reliance on the Internet and more extensive connectivity. Intrusion detection systems (IDSs) have become an essential component of computer security to detect attacks that occur despite the best preventative measures. A problem with current intrusion detection systems is that they have many false positive and false negative events. Most of the existing Intrusion detection systems implemented nowadays depend on rule-based expert systems where new attacks are not detectable. In this paper, a possible application of Neural Networks is presented as a component of an intrusion detection system. An intrusion detection system called Denial of Service Intelligent Detection (DoSID) is developed. The type of Neural Network used to implement DoSID is feed forward which uses the backpropagation learning algorithm. The data used in training and testing is the data collected by Lincoln Labs at MIT for an intrusion detection system evaluation sponsored by the U.S. Defense Advanced Research Projects Agency (DARPA). Special features of connection records have been identified to be used in DoS (Denial-of-Service) attacks. Several experiments have been conducted to test the ability of the neural network to distinguish known and unknown attacks from normal traffic. Results show that normal traffic and know attacks are discovered 91% and 100% respectively. Also it has been shown in the final experiment that the false negative of the system has been reduced considerably.