An Online Anomaly-Detection Neural Networks-based Clustering for Adaptive Intrusion Detection Systems

Abstract

In the evolving nature of today’s world of network security, threats have become more and more sophisticated. Although different security solutions such as firewalls and antivirus software have been deployed to protect systems, external attackers are still capable of intruding into computer networks. This is where intrusion detection systems come into play as an additional security layer.

Despite the large volume of research conducted in the field of intrusion detection, finding a perfect solution of intrusion detection systems for critical applications is still a major challenge. This is mainly due to the continuous emergence of security threats which can bypass the outdated intrusion detection systems.

The main objective of this thesis is to propose an adaptive design of intrusion detection systems which offers the capability of detecting known and novel attacks and being updated according to new trends of data patterns provided by security experts in a cost-effective manner. The proposed intrusion detection system uses an anomaly-based technique and is constructed on the basis of Extreme Learning Machine method which is a variant of neural networks. In this work, two novel approaches are also proposed to enhance the speed of partial updates for the learning model according to new information fed into the system. The performance of the proposed intrusion detection system is evaluated as a network-based solution using NSL-KDD data set. The evaluation results indicate that the system provides an average detection rate of 81 % while having a false positive rate of 3 % in detecting known and novel attacks. In addition, the obtained results show that the system is capable of adapting to the new input information and data injected into the system by a human security expert.