A Feed-Forward and Pattern Recognition ANN Model For Network Intrusion Detection

I.J. Computer Network and Information Security, 2019, 4, 19-25

Published Online April 2019 in MECS (http://www.mecs-press.org/)
DOI: 10.5815/ijcnis.2019.04.03

Ahmed Iqbal, Shabib Aftab
Department of Computer Science, Virtual University of Pakistan
E-mail: ahmedeqbal@gmail.com, shabib.aftab@gmail.com

Received: 10 February 2019; Accepted: 24 February 2019; Published: 08 April 2019

Abstract—Network security is an essential element in the day-to-day IT operations of nearly every organization in business. Securing a computer network means considering the threats and vulnerabilities and arranging the countermeasures. Network security threats are increasing rapidly and making wireless network and internet services unreliable and insecure. An Intrusion Detection System plays a protective role in shielding a network from potential intrusions. In this research paper, Feed Forward Neural Network and Pattern Recognition Neural Network are designed and tested for the detection of various attacks by using modified KDD Cup99 dataset. In our proposed models, Bayesian Regularization and Scaled Conjugate Gradient training functions are used to train the Artificial Neural Networks. Various performance measures such as Accuracy, MCC, R-squared, MSE, DR, FAR and AROC are used to evaluate the performance of the proposed Neural Network Models. The results have shown that both the models have outperformed each other in different performance measures on different attack detections.

Index Terms—Intrusion detection, Security, Anomaly detection, Intrusion Detection System, NSL-KDD, Neural Networks.

I. INTRODUCTION

In computer networks, an intrusion means to steal, alter, destroy or gain access to or make unauthorized use of a network system [1]. With the phenomenal growth of internet technology, network security has become a critical part of information security. Information Security is the basic concern of computing because many types of attacks are increasing day by day. Therefore, it is essential for network administrators to detect these kinds of attacks before they can occur. Many techniques and frameworks have been proposed for network intrusion detection by providing high-speed intrusion detection mechanism. An Intrusion Detection System (IDS) is a mechanism to detect and prevent intrusive activities. It is considered a significant part in any information system which defends the network from any kind of potential intrusions. Usually the IDS does not practically perform any action against attackers to prevent the attack; its main feature is to send an alert request to the network administrator that there is a suspected possible intrusion. Therefore, we can say that IDSs are proactive systems rather than reactive systems [2]. There are two different types of intrusion detection mechanism: 1) host-based, 2) network-based. Each kind has different methods to defend and secure the network data, and each of them has its own pros and cons [3]. The host-based intrusion detection system examines the internal data of the computer network, while the network-based intrusion detection system examines data transmission between different computer networks [4]. The majority of researchers have recommended the use of the KDD Cup99 dataset to predict network attacks. Most of the proposed methods failed to ensure high performance in detection rate. Some researchers have used all 41 available features of this dataset for detection, which could lead to misclassification and also require much time to build the model [5]. On the other hand, some of the researchers have selected the optimum subsets of features using feature selection techniques to improve the performance. This paper compares Pattern Recognition and Feed-Forward Neural Networks on intrusion detection and explores which model delivers excellent results in terms of Accuracy, MCC, R-squared, MSE, DR, FAR and AROC. The remaining paper is organized as follows: Section II presents the related work. Sections III and IV present the used KDD dataset and share some details of different intrusion attacks respectively. Section V presents the Artificial Neural Network model. Section VI discusses various performance measures used to evaluate the proposed model. The experimental results are presented in Section VII. The conclusion is described in Section VIII.

II. RELATED WORKS

Many researchers have been working on classification models using machine learning techniques in many areas such as sentiment classification [6,7,8,9,10,11], rainfall prediction [12,13] and network intrusion detection [14,15,16,17,18,19,20,21]. Some of the studies which have contributed in intrusion detection systems are discussed here. In [14] a mutual info-based algorithm is proposed and analytically chosen as the best feature for the classifications. The proposed algorithm can also parse linear and nonlinear dependent data features. The result shows that the algorithm shares few other important

Copyright © 2019 MECS I.J. Computer Network and Information Security, 2019, 4, 19-25
features for LSSVM-IDS to get better accuracy results and low computation cost as compared to previous methods. Researchers in [15] reviewed different vulnerabilities in cloud computing systems and presented a collective intrusion detection system to improve the privacy and security of the big data. Researchers in [16] presented a T-IDS, built on a novel randomized data portioned learning approach; it consists of a compact network feature selection technique, feature sets, and multiple randomized meta-learning techniques. This presented approach has successfully gained 99 percent accuracy and 21 second training time on botnet dataset. In [17], the research objective is to decrease the duration of active-time of the intrusion detection system without adjusting their effectiveness. For validation, they proposed a model to reflect the interaction between intrusion detection systems as a multiplayer cooperative game where few players are practically conflicting, and some have feasible cooperative goals. [18] proposed a framework comprising access control detection, protocol whitelisting, and multi-parameter-based detection. The SCADA-specific intrusion detection system is applied, and results are validated by permanent and realistic cyber-physical test-bed and data from a real 500kV smart substation. Researchers in [19] proposed an approach on how traffic can be distributed to multiple IDS in order to improve the prediction of network intrusions as well as to balance the load. The clustering-based approach is presented, which distributes flows reported by the routing information and flow data rate. Many experiments show that the presented scheme quickly detects attacks and delivers a better balance of traffic loads. In [20], researchers presented an IDS Internet of Things approach by using a suppressed fuzzy clustering-based algorithm and PCA scheme. The results show that as compared to past methods, this method generates better results. Researchers in [21] presented the Spark-Chi-SVM scheme for intrusion detection. The researchers adopted ChiSqSelector for the feature selection and developed an IDS technique by applying an SVM based classifier on the Apache Spark Big Data platform. The result shows that the Spark-Chi-SVM approach delivers better performance and decreases training time for the Big data. Researchers in [22] proposed a new hybrid model that can be used to estimate the intrusion scope threshold degree based on the network transaction data’s optimal features that were made available for training. According to the results, the presented technique showed 99.81% and 98.56% results for the binary class and multi-class datasets respectively.

III. KDD CUP 1999 DATA

The KDD dataset is shared by MIT Lincoln Lab, and is widely used by many researchers during the past few years [23]. The experimental dataset used in our research work is a modified version of the KDD CUP99 data [40]. We have used four datasets (one for each attack type). Two types of datasets for each attack are available (1: with feature selection and 2: without feature selection). We have selected the normal dataset (without feature selection) and merged training and test data into one single file for each attack type. The merged datasets used in this research are available at [41]. This dataset was also pre-processed by using feature-coding. Furthermore, categorical feature encoding was used to change the categories to numeric values, so that a nominal field is represented in numerical categories instead of text. A nominal field represents certain classes, e.g., TCP, ICMP, UDP or hostnames, etc. After the feature-coding process, data features are displayed in the table.

Table 1. KDD Dataset Description

| Name of the files | Features Description |
|---|---|
| KDD_DDoS.csv | |
| KDD_Probe.csv | |
| KDD_R2L.csv | |
| KDD_U2R.csv | |

The training and test dataset both consist of 41 features labeled as normal traffic or specific attack types. The labels or classes of KDD data are further divided into two categories which represent attack or no attack accordingly.

IV. TYPES OF INTRUSIONS

The KDD Cup 1999 modified dataset contains the following four attack classes (Table 1):

A). Denial-of-service Attack

It was 1999 when a new kind of attack was discovered which was later known as the Distributed Denial-of-service attack [24]. A substantial amount of commerce, educational and even government websites suffered from this attack. A DDoS attacker attempts to flood the network and prevents the network traffic. Sometimes, the attacker tries to disrupt a particular individual from accessing a required service. Hackers mostly attack by using DDoS for anything ranging from pranks to revenge against some corporations to express their anger or political activism [25].

B). Probe Attack

Probing is another type of attack in which hackers mostly scan targeted network computers to trace out potential vulnerabilities and weaknesses that may later be useful to exploit in the hope of attacking or compromising the entire system. Generally, Probing attacks are used in machine learning or data mining, e.g., portsweep, mscan, saint, and nmap [26].

C). Remote to Local Attack

In Remote to Local attacks, the attacker tries to get access on the computers without having any account. Remote to local intrusions are considered one of the most difficult attacks to detect in the network because they involve network level and host level features. So, diverse knowledge and technique are required to detect R2L attacks in the network [27].

D). User to Root Attack

The User to Root attack mostly requires semantic information that is critical to capture at early stages. Mostly, these types of attacks target the content-based applications. In U2R attacks, the attacker begins with the access privilege of a normal user and later becomes a super user or administrator to exploit the vulnerability of the network system [28].

V. ARTIFICIAL NEURAL NETWORK MODEL

The Artificial Neural Network is an interconnected set of units or neurons that use a computational model for information-processing. A simple Neural Network contains three layers; the first layer is known as an input layer of neurons, followed by the middle layer, and finally the outputs come from the final layer of neurons. An Artificial Neural Network can learn rapidly from experiences as well as from complex nonlinear problems [29]. Recently, many artificial network models have been reported as an effective way to detect intrusion in computer networks. In this research paper, we have proposed Feed-forward and Pattern recognition Neural network models for intrusion detection in the computer network.

A). Feed-Forward Network

The Feed-Forward network consists of multi-layered neurons. The first layer of the neural network consists of neurons having externally applied input signals. Other layers receive their inputs only from their previous layer of the network along with one bias signal source. Feed-Forward Networks can be used in various problems, such as ECG abnormality detection, speech recognition, sentiment classification, balancing task, sensor signal processing, plant control etc. However, feed forward tasks are further divided into two classes: function approximation and pattern classification. In this research, we will primarily concentrate on pattern classification [30].

B). Pattern Recognition

Pattern recognition is considered as one of the hot research areas in the machine learning domain. Mostly, Pattern Recognition Neural Networks are used for handwritten character recognition and image classification. The Pattern recognition neural networks are similar to feedforward ANNs that can be trained to classify input data according to their target labels [31]. In Matlab, the target data for these types of neural network should contain vectors of all zero values except for a one in element i, where i is the actual class they are representing.

C). Back Propagation Algorithm

The Back Propagation Algorithm is one of the highly adopted learning methods for Artificial Neural Networks. Back Propagation refers to the broad family of Neural Networks, where the architecture consists of multiple interconnected sets of layers. Back Propagation is a supervised learning algorithm for training an ANN that attempts to reduce the errors gradually [32]. For performance comparison, mostly MSE and Cross-Entropy measures are used. The two frequently adopted learning functions of the Backpropagation algorithm are discussed below.

Fig.1. Proposed Model for Network Intrusion Detection

a) Bayesian Regularization

In this research, a Feed-Forward Neural Network is trained by using the Bayesian Regularization function. The BR algorithm works similarly to Levenberg Marquardt optimization in a sense that it minimizes squared errors and weights and finds out the optimal combination so that the Neural Network can outperform [33]. In most of the problems, the Bayesian Regularization training function gives more accurate results when compared to other training algorithms.

b) Scaled Conjugate Gradient

In our proposed model, the Pattern Recognition Neural Network is trained by the Scaled Conjugate Gradient training
function. The Scaled Conjugate Gradient training algorithm uses a step size scaling mechanism; this technique reduces time consumption and line search per learning iteration. Most researchers agree that the Conjugate Gradient Method is a well-suited training function to deal with large scale problems in an efficient way [34].

VI. PERFORMANCE METRICS

This research used many accuracy measures to evaluate the performance of the used ANN models, which are discussed as follows.

R-squared ($R^2$) is known as the coefficient of determination. It is a statistical measure of how closely the data fit the regression line. The R-squared value of the test data is measured to determine how much the used technique fits the data. R-squared > 0.9 is treated as a good fit [35].

Mean Squared Error (MSE) is the average of squared error that is used as a loss function for least squares regressions. MSE is the sum of the squared difference among predicted and actual targets, divided by the number of data points [36].

$$MSE = \frac{\sum (t_i - o_i)^2}{n} \tag{1}$$

The Area Under Curve (AUC) is mostly measured to compare different ROC curves. A high value of AUC indicates that the classifier is producing more accurate predictions. AUC provides an aggregate measure of performance across all possible classification thresholds. AROC is the area under the ROC curve. It is a single number summary of the performance [37].

Detection Rate (DR) indicates the ratio of the total number of intrusions detected by the system (True Positive) to the total number of intrusions present in the dataset [38].

$$DR = \frac{TP}{TP + FN} \tag{2}$$

False Alarm Rate (FAR) is the performance measure that indicates the ratio of misclassified normal samples to the total number of normal connections present in the dataset.

$$FAR = \frac{FP}{TN + FP} \tag{3}$$

Matthews Correlation Coefficient (MCC) is also considered one of the widely used performance metrics. It is defined as the ratio between the observed and predicted binary classifications [39].

$$MCC = \frac{TN \times TP - FN \times FP}{\sqrt{(FP + TP)(FN + TP)(TN + FP)(TN + FN)}} \tag{4}$$

In the confusion matrix, Accuracy is the measurement rate of correct classifications. Accuracy is calculated by taking the ratio of correct predictions to the total number of predictions. Accuracy can be expressed as:

$$Accuracy = \frac{TP + TN}{TP + TN + FP + FN} \tag{5}$$

VII. RESULTS & DISCUSSION

The purpose of this research is to analyze the performance of the Feed Forward Artificial Neural Network (FFANN) and the Pattern Recognition Artificial Neural Network (PRANN) on the detection of various network attacks. All experiments are conducted in MATLAB 2018. In the Feed-forward and Pattern Recognition neural networks, 10 neurons were used with a single hidden layer. The input layer of the Artificial Network has a total number of neurons equal to the total number of features or attributes in a given dataset. In the final output layer of the ANN, two neurons are used, which correspond to the attack and no attack classes. The Feed-Forward Neural Network is trained by using the Bayesian Regularization training function, and the Pattern Recognition Neural Network is trained by the Scaled Conjugate Gradient training function. The dataset is divided into three different parts: 70% of training data, 15% of validation data, and 15% of test dataset. The experimental results of the proposed approaches are presented in Table 2 in terms of Accuracy, MCC, R-squared, and MSE for U2R attacks.

Table 2. Results for Root Attack (U2R)

| Model | Accuracy | MCC | R-squared | MSE |
|---|---|---|---|---|
| FFANN | 99.8356 | 0.9967 | 0.9902 | 0.0050 |
| PRANN | 99.6712 | 0.9934 | 0.9941 | 0.0029 |

The highest Accuracy and MCC are obtained by the FFANN Model. However, PRANN outperformed in terms of R-squared and MSE.

Table 3. Results for Denial of Service Attack (DoS)

| Model | Accuracy | MCC | R-squared | MSE |
|---|---|---|---|---|
| FFANN | 99.7429 | 0.9949 | 0.9927 | 0.0036 |
| PRANN | 98.7952 | 0.9759 | 0.9807 | 0.0096 |

Table 3 shows the results obtained from both the models (FFANN, PRANN) regarding the detection of Denial of Service Attack (DoS). FFANN outperformed in all measures (Accuracy, MCC, R-squared, and MSE).

Table 4. Results for Probing Attack

| Model | Accuracy | MCC | R-squared | MSE |
|---|---|---|---|---|
| FFANN | 98.8345 | 0.9767 | 0.9790 | 0.0104 |
| PRANN | 98.9232 | 0.9785 | 0.9826 | 0.0086 |
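The setup described at the start of Section VII, as an added example that is not the authors' MATLAB code: feature-coding of the nominal protocol field, one-hot two-neuron targets, a 70/15/15 split, one hidden layer of 10 neurons, and the confusion-matrix metrics of Section VI. The records, the four feature names, the scaling constants and the 8% look-alike attacks are constructed for illustration, and plain stochastic gradient descent with validation-based early stopping stands in for the Bayesian Regularization and Scaled Conjugate Gradient training functions.

```python
import copy, math, random

PROTO_CODE = {"tcp": 0, "udp": 1, "icmp": 2}   # feature-coding: nominal text -> number
SCALE = (2.0, 60.0, 5000.0, 511.0)             # assumed maxima, used to scale into [0, 1]

def make_records(n, rng):
    """Constructed KDD-like rows: (protocol, duration, src_bytes, count, label)."""
    rows = []
    for i in range(n):
        attack = i % 2 == 1
        if attack and rng.random() > 0.08:      # flood-like: many tiny connections
            row = (rng.choice(["icmp", "tcp"]), 0.0, rng.uniform(0, 100), rng.uniform(200, 511))
        else:                                   # normal traffic, plus 8% look-alike attacks
            row = (rng.choice(["tcp", "udp"]), rng.uniform(0, 60),
                   rng.uniform(200, 5000), rng.uniform(1, 40))
        rows.append(row + ("attack" if attack else "normal",))
    return rows

def encode(row):
    """Feature-code one row; one-hot target is [1,0] for normal, [0,1] for attack."""
    proto, *nums, label = row
    x = [v / s for v, s in zip([PROTO_CODE[proto]] + nums, SCALE)]
    return x, ([0.0, 1.0] if label == "attack" else [1.0, 0.0])

def split(data, rng):
    """70% training, 15% validation, 15% test."""
    data = data[:]
    rng.shuffle(data)
    a, b = len(data) * 70 // 100, len(data) * 85 // 100
    return data[:a], data[a:b], data[b:]

def forward(net, x):
    """One hidden tanh layer followed by two softmax output neurons."""
    W1, W2 = net
    h = [math.tanh(sum(w * v for w, v in zip(r, x + [1.0]))) for r in W1]
    z = [sum(w * v for w, v in zip(r, h + [1.0])) for r in W2]
    e = [math.exp(v - max(z)) for v in z]
    return h, [v / sum(e) for v in e]

def mse(net, data):
    return sum((t[k] - forward(net, x)[1][k]) ** 2
               for x, t in data for k in (0, 1)) / (2 * len(data))

def train(train_set, val_set, rng, hidden=10, lr=0.1, max_epochs=40, patience=6):
    """Backpropagation with SGD; keeps the weights with the lowest validation MSE."""
    n_in = len(train_set[0][0])
    net = ([[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(hidden)],
           [[rng.uniform(-0.5, 0.5) for _ in range(hidden + 1)] for _ in range(2)])
    best, best_err, bad = copy.deepcopy(net), float("inf"), 0
    for _ in range(max_epochs):
        rng.shuffle(train_set)
        for x, t in train_set:
            h, o = forward(net, x)
            d_out = [o[k] - t[k] for k in (0, 1)]          # softmax + cross-entropy gradient
            d_hid = [(1 - h[j] ** 2) * sum(d_out[k] * net[1][k][j] for k in (0, 1))
                     for j in range(hidden)]
            for k in (0, 1):
                for j, v in enumerate(h + [1.0]):
                    net[1][k][j] -= lr * d_out[k] * v
            for j in range(hidden):
                for i, v in enumerate(x + [1.0]):
                    net[0][j][i] -= lr * d_hid[j] * v
        err = mse(net, val_set)
        if err < best_err:
            best, best_err, bad = copy.deepcopy(net), err, 0
        elif (bad := bad + 1) >= patience:                 # validation stopped improving
            break
    return best

def evaluate(net, data):
    """Equations (1)-(5) with 'attack' as the positive class."""
    pairs = [(forward(net, x)[1][1] > 0.5, t[1] == 1.0) for x, t in data]
    tp = sum(p and a for p, a in pairs)
    fn = sum(a and not p for p, a in pairs)
    fp = sum(p and not a for p, a in pairs)
    tn = len(pairs) - tp - fn - fp
    den = math.sqrt((fp + tp) * (fn + tp) * (tn + fp) * (tn + fn))
    return {"accuracy": (tp + tn) / len(pairs),
            "DR": tp / (tp + fn) if tp + fn else 0.0,
            "FAR": fp / (tn + fp) if tn + fp else 0.0,
            "MCC": (tn * tp - fn * fp) / den if den else 0.0,   # undefined case -> 0
            "MSE": mse(net, data)}

def run(seed=1):
    rng = random.Random(seed)
    data = [encode(r) for r in make_records(600, rng)]
    tr, va, te = split(data, rng)
    return evaluate(train(tr, va, rng), te)

if __name__ == "__main__":
    print(run())
```

The look-alike attack records are the ones the detector misses, so DR and MCC fall below Accuracy on the test split while FAR stays low.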

Table 4 shows the results obtained from both models (FFANN, PRANN) and reflects that PRANN performed better in all measures.

Table 5. Results for Remote to Local Attack (R2L)

| Model | Accuracy | MCC | R-squared | MSE |
|---|---|---|---|---|
| FFANN | 98.0742 | 0.9615 | 0.9673 | 0.0161 |
| PRANN | 96.6225 | 0.9325 | 0.9474 | 0.0256 |

Table 5 shows the results obtained from both models and shows that the best Accuracy, MCC, R-squared, and MSE are obtained by the FFANN Model.

A). DR Comparison Results

Fig 2 shows the DR measures of the classifiers used in this research. With FFANN, we got the highest score of 0.9987 for U2R and the lowest of 0.9777 for R2L. However, in the PRANN model, the highest DR is recorded with a score of 0.9960 for U2R and the lowest with 0.9668 for R2L.

Fig.2. Comparison of the DR Results

B). FAR Comparison Results

Fig 3 shows the FAR measures of each classifier used in this research. PRANN reflected the highest score with 0.0356 for R2L and the lowest with 0.0033 for U2R. In the FFANN model, the highest FAR is recorded with a score of 0.0197 for R2L and the lowest with a score of 0.0018 for U2R.

Fig.3. Comparison of the FAR Results

C). AROC Comparison Results

Fig 4 shows the areas under ROC curves of both the classifiers used in this research. The highest score with PRANN is 0.9999 for U2R and the lowest score is 0.9953 for R2L. By using the FFANN model, the highest AROC score of 0.9998 is recorded for DoS and the lowest score of 0.9977 is recorded for R2L.

Fig.4. Comparison of the AROC

VIII. CONCLUSION

Network security is a wide term to define. In its broader sense, we can say that it means to protect the confidential information or data which is stored on the network. Many organizations want to detect intrusions in the network before they come under attack or experience the loss of confidential data. To help in this case, various intrusion detection systems have been proposed and developed along with a large amount of published literature. This research paper proposes Feed-Forward and Pattern Recognition Neural Network models with Bayesian Regularization and Scaled Conjugate Gradient training functions to detect intrusion in the network. Both networks outperformed each other in different performance measures on different intrusion attacks. This research can be used as a baseline for further comparisons as well as for future innovations for performance improvements. Both the used networks should be further tuned and used for more diverse intrusion datasets.

REFERENCES

[1] R. Tewatia, A. Mishra, “Introduction to Intrusion Detection System: Review,” Int. J. Sci. Technol. Res., vol. 4, no. 05, MAY 2015.
[2] S. Mukkamala, G. Janoski, A. Sung, “Intrusion Detection: Support Vector Machines and Neural Networks,” IEEE Xplore, 2002.
[3] R. Beghdad, “Efficient deterministic method for detecting new U2R attacks,” Comput. Commun., vol. 32, no. 6, pp. 1104–1110, 2009.
[4] M. Sazzadul Hoque, “An Implementation of Intrusion Detection System Using Genetic Algorithm,” Int. J. Netw. Secur. Its Appl., vol. 4, no. 2, pp. 109–120, 2012.
[5] J. McHugh, “Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory,” ACM Trans. Inf. Syst. Secur., vol. 3, no. 4, pp. 262–294, 2000.
[6] M. Ahmad, S. Aftab, and I. Ali, “Sentiment Analysis of Tweets using SVM,” Int. J. Comput. Appl., vol. 177, no. 5,
pp. 25–29, 2017.
[7] M. Ahmad, S. Aftab, I. Ali, and N. Hameed, “Hybrid Tools and Techniques for Sentiment Analysis: A Review,” Int. J. Multidiscip. Sci. Eng., vol. 8, no. 3, 2017.
[8] M. Ahmad and S. Aftab, “Analyzing the Performance of SVM for Polarity Detection with Different Datasets,” Int. J. Mod. Educ. Comput. Sci., vol. 9, no. 10, pp. 29–36, 2017.
[9] M. Ahmad, S. Aftab, M. Salman, N. Hameed, I. Ali, and Z. Nawaz, “SVM Optimization for Sentiment Analysis,” Int. J. Adv. Comput. Sci. Appl., vol. 9, no. 4, 2018.
[10] M. Ahmad, S. Aftab, and S. S. Muhammad, “Machine Learning Techniques for Sentiment Analysis: A Review,” Int. J. Multidiscip. Sci. Eng., vol. 8, no. 3, p. 27, 2017.
[11] M. Ahmad, S. Aftab, M. Salman, and N. Hameed, “Sentiment Analysis using SVM: A Systematic Literature Review,” Int. J. Adv. Comput. Sci. Appl., vol. 9, no. 2, 2018.
[12] S. Aftab, M. Ahmad, N. Hameed, M. Salman, I. Ali, and Z. Nawaz, “Rainfall Prediction in Lahore City using Data Mining Techniques,” Int. J. Adv. Comput. Sci. Appl., vol. 9, no. 4, 2018.
[13] S. Aftab, M. Ahmad, N. Hameed, M. Salman, I. Ali, and Z. Nawaz, “Rainfall Prediction using Data Mining Techniques: A Systematic Literature Review,” Int. J. Adv. Comput. Sci. Appl., vol. 9, no. 5, 2018.
[14] M. A. Ambusaidi, X. He, P. Nanda, and Z. Tan, “Building an intrusion detection system using a filter-based feature selection algorithm,” IEEE Trans. Comput., vol. 65, no. 10, pp. 2986–2998, 2016.
[15] Z. Tan et al., “Enhancing big data security with collaborative intrusion detection,” IEEE Cloud Comput., vol. 1, no. 3, pp. 27–33, 2014.
[16] O. Y. Al-Jarrah, O. Alhussein, P. D. Yoo, S. Muhaidat, K. Taha, and K. Kim, “Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection,” IEEE Trans. Cybern., vol. 46, no. 8, pp. 1796–1806, 2016.
[17] N. Marchang, R. Datta, and S. K. Das, “A novel approach for efficient usage of intrusion detection system in mobile Ad Hoc networks,” IEEE Trans. Veh. Technol., vol. 66, no. 2, pp. 1684–1695, 2017.
[18] Y. Yang, H. Q. Xu, L. Gao, Y. B. Yuan, K. McLaughlin, and S. Sezer, “Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks,” IEEE Trans. Power Deliv., vol. 32, no. 2, pp. 1068–1078, 2017.
[19] T. Ha, S. Yoon, A. C. Risdianto, J. W. Kim, and H. Lim, “Suspicious flow forwarding for multiple intrusion detection systems on software-defined networks,” IEEE Netw., vol. 30, no. 6, pp. 22–27, 2016.
[20] X. Z. and X. W. Liqun Liu, Bing Xu2*, “An intrusion detection method for internet of things based on suppressed fuzzy clustering,” J. Wirel. Commun. Netw., 2018.
[21] S. M. Othman, F. M. Ba-Alwi, N. T. Alsohybe, and A. Y. Al-Hashida, “Intrusion detection model using machine learning algorithm on Big Data environment,” J. Big Data, vol. 5, no. 1, 2018.
[22] S. Aljawarneh, M. Aldwairi, and M. B. Yassein, “Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model,” J. Comput. Sci., vol. 25, pp. 152–160, 2018.
[23] “KDD Cup 1999 Data.” [Online]. Available: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. [Accessed: 19-Jan-2019].
[24] T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack, prevention, and mitigation techniques,” Int. J. Distrib. Sens. Networks, vol. 13, no. 12, 2017.
[25] M. S. Galina Mikhaylova, “The ‘Anonymous’ Movement: Hacktivism as an Emerging Form of Political Participation,” Graduate Council of Texas State University, 2014.
[26] S. Paliwal and R. Gupta, “Denial-of-Service, Probing & Remote to User (R2L) Attack Detection using Genetic Algorithm,” Int. J. Comput. Appl., vol. 60, no. 19, pp. 975–8887, 2012.
[27] M. Sabhnani and G. Serpen, “KDD feature set complaint heuristic rules for R2L attack detection,” Proc. Int. Conf. Secur. Manag., vol. 1, pp. 310–316, 2003.
[28] F. Mozneb and A. Farzan, “The Use of Intelligent Algorithms to Detect Attacks In,” vol. 3, no. 9, pp. 579–584, 2014.
[29] V. Sze, Y. Chen, T. Yang, and J. Emer, “Efficient processing of deep neural networks: A tutorial and survey”, Mar. 2017.
[30] O. I. Abiodun, A. Jantan, A. E. Omolara, K. V. Dada, N. A. E. Mohamed, and H. Arshad, “State-of-the-art in artificial neural network applications: A survey,” Heliyon, vol. 4, no. 11. Elsevier Ltd, p. e00938, 2018.
[31] M. S. Piotr Gaj, Andrzej Kwiecień, Computer Networks: 24th International Conference, CN 2017, Lądek Zdrój, Poland, June 20–23, 2017, Proceedings. Springer, 2017.
[32] A.K. Jain, J. Mao, and K.M. Mohiuddin, “Artificial Neural Networks: A Tutorial,” Computer, pp. 31-44, Mar. 1996.
[33] K. Gopalakrishnan, “Effect of training algorithms on neural networks aided pavement diagnosis,” Int. J. Eng. Sci. …, vol. 2, no. 2, pp. 83–92, 2010.
[34] M. Fodslette Møller, “A scaled conjugate gradient algorithm for fast supervised learning,” Neural Networks, vol. 6, pp. 525–533, 1993.
[35] J. Bourquin, H. Schmidli, P. Van Hoogevest, and H. Leuenberger, “Comparison of artificial neural networks (ANN) with classical modelling techniques using different experimental designs and data from a galenical study on a solid dosage form,” Eur. J. Pharm. Sci., vol. 6, no. 4, pp. 287–300, 1998.
[36] K. Das, J. Jiang, and J. N. K. Rao, “Mean squared error of empirical predictor,” Ann. Stat., vol. 32, no. 2, pp. 818–840, 2004.
[37] T. Fawcett, “An introduction to ROC analysis,” Pattern Recognit. Lett., vol. 27, no. 8, pp. 861–874, 2006.
[38] M. A. Jabbar, R. Aluvalu, and S. S. Reddy, “RFAODE: A Novel Ensemble Intrusion Detection System,” Procedia Comput. Sci., vol. 115, pp. 226–234, 2017.
[39] S. Boughorbel, F. Jarray, and M. El-Anbari, “Optimal classifier for imbalanced data using Matthews Correlation Coefficient metric,” PLoS One, vol. 12, no. 6, pp. 1–17, 2017.
[40] “NSLKDD-Dataset.” [Online]. Available: https://github.com/InitRoot/NSLKDD-Dataset. [Accessed: 02-April-2019].
[41] “Modified NSLKDD-Dataset.” [Online]. Available: https://github.com/ahmedeqbal/Modified-NSL-KDD-Dataset-1. [Accessed: 02-Apr-2019].

Authors’ Profiles

Ahmed Iqbal is a student of MS Computer Science with the specialization of Software engineering in Virtual University of Pakistan. He received the degree, Master of Information Technology (MIT) from Virtual University of
Pakistan in 2016. His research interest includes Software Engineering and Data Mining.

Shabib Aftab received MS Degree in Computer Sciences from COMSATS Institute of Information Technology Lahore, Pakistan. He is serving as Lecturer Computer Sciences at Virtual University of Pakistan. His research areas include Data Mining and Software Process Improvement.

How to cite this paper: Ahmed Iqbal, Shabib Aftab, "A Feed-Forward and Pattern Recognition ANN Model for Network Intrusion Detection", International Journal of Computer Network and Information Security (IJCNIS), Vol.11, No.4, pp.19-25, 2019. DOI: 10.5815/ijcnis.2019.04.03
