Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Intelligent Cyber Defense System Using Artificial Neural Network and Immune System Techniques

  • Conference paper
  • First Online:
Information and Communication Technologies in Education, Research, and Industrial Applications (ICTERI 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 783))

Abstract

Over the past few decades, the application of Artificial Immune Systems (AIS) and Artificial Neural Networks (ANN) has been growing rapidly in different domains. We sincerely believe that integration of these both techniques can allow constructing the Intelligent Cyber Defense System. In this paper an original method for detecting the network attacks and malicious code is described. The method is based on main principles of AIS where immune detectors have an ANN’s structure. The main goal of proposed approach is to detect previously unknown (novel) cyber-attack (malicious code, intrusion detection, etc.). The proposed Intelligent Cyber Defense System can improve the reliability of intrusion detection in computer systems and, as a result, it may reduce financial losses of companies from cyber attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Center for Internet Security. http://cisecurity.org

  2. Cybercrime in the world. http://www.tadviser.ru/index.php (in Russian)

  3. Symantec it estimated the annual losses from cybercrime at $ 114 billion. http://www.companion.ua/articles/content?id=162264 (in Russian)

  4. Forbes experts have chosen the most high-profile cyber attacks recently. http://www.securitylab.ru/news/444700.php (in Russian)

  5. Unuchek, R., Garnaeva, M., Makrushin, D., Sinitsyn, F., Liskin, A.: IT threat evolution Q3 2016. Statistics. https://securelist.com/analysis/quarterly-malware-reports/76513/it-threat-evolution-q3-2016-statistics

  6. Worm.Win32.Stuxnet. https://threats.kaspersky.com/en/threat/Worm.Win32.Stuxnet

  7. Shiels, M.: Cyber-sabotage and espionage top 2011 security fears. http://www.bbc.co.uk/news/technology-12056594

  8. W32.Koobface. http://www.symantec.com/security_response/writeup.jsp?docid=2008-080315-0217-99

  9. IBM X-Force 2012: Trend and Risk Report. https://www.ibm.com/ibm/files/I218646H25649F77/Risk_Report.pdf

  10. Naraine, R.: Duqu FAQ. http://www.securelist.com/en/blog/208193178/Duqu_FAQ

  11. Kaspersky Security Bulletin. Malware Evolution 2011 (2011). http://securelist.com/analysis/kaspersky-security-bulletin/36494/kaspersky-security-bulletin-malware-evolution-2011/

  12. KDD Cup 1999 Data (1999). http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

  13. Tavallaee, M., Bagheri, E., Lu, W., et al.: A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA 2009), pp. 1–8 (2009). doi:10.1109/CISDA.2009.5356528

  14. Lia, L.B., Chang, R.I., Kouh, J.S.: Detecting network intrusions using signal processing with query-based sampling filter. EURASIP J. Adv. Sig. Process., Article ID 735283, 1–8 (2009). Hindawi Publishing Corporation

    Google Scholar 

  15. Laheeb, M.I.: Anomaly network intrusion detection system based on distributed time-delay neural network. J. Eng. Sci. Technol. 5(4), 457–471 (2010)

    Google Scholar 

  16. Cannady, J.: Artificial neural networks for misuse detection. In: Proceedings of the 21st National Information Systems Security Conference, Arlington, VA, USA, 5–8 October 1998, pp. 368–381 (1998)

    Google Scholar 

  17. Chen, W.H., Hsu, S.H., Shen, H.P.: Application of SVM and ANN for intrusion detection. Comput. Oper. Res. 32(10), 2617–2634 (2005)

    Article  MATH  Google Scholar 

  18. Mukkamalaa, S., Sung, A.H., Abraham, A.: Intrusion detection using an ensemble of intelligent paradigms. J. Network Comput. Appl. 28(2), 167–182 (2005)

    Article  Google Scholar 

  19. Lorenzo-Fonseca, I., Maciá-Pérez, F., Mora-Gimeno, F.J., Lau-Fernández, R., Gil-Martínez-Abarca, J.A., Marcos-Jorquera, D.: Intrusion detection method using neural networks based on the reduction of characteristics. In: Cabestany, J., Sandoval, F., Prieto, A., Corchado, J.M. (eds.) IWANN 2009. LNCS, vol. 5517, pp. 1296–1303. Springer, Heidelberg (2009). doi:10.1007/978-3-642-02478-8_162

    Chapter  Google Scholar 

  20. Kang, B.-D., Lee, J.-W., Kim, J.-H., Kwon, O.-H., Seong, C.-Y., Park, S.-M., Kim, S.-K.: A mutated intrusion detection system using principal component analysis and time delay neural network. In: Wang, J., Yi, Z., Zurada, J.M., Lu, B.-L., Yin, H. (eds.) ISNN 2006. LNCS, vol. 3973, pp. 246–254. Springer, Heidelberg (2006). doi:10.1007/11760191_36

    Chapter  Google Scholar 

  21. Grediaga, Á., Ibarra, F., García, F., Ledesma, B., Brotóns, F.: Application of neural networks in network control and information security. In: Wang, J., Yi, Z., Zurada, J.M., Lu, B.-L., Yin, H. (eds.) ISNN 2006. LNCS, vol. 3973, pp. 208–213. Springer, Heidelberg (2006). doi:10.1007/11760191_31

    Chapter  Google Scholar 

  22. Zhang, C., Jiang, J., Kamel, M.: Comparison of BPL and RBF network in intrusion detection system. In: Wang, G., Liu, Q., Yao, Y., Skowron, A. (eds.) RSFDGrC 2003. LNCS, vol. 2639, pp. 466–470. Springer, Heidelberg (2003). doi:10.1007/3-540-39205-X_79

    Chapter  Google Scholar 

  23. Kohonen, T.: The self organizing map. Proc. Inst. Electr. E1ectronics Eng. 78, 1464–1480 (1990)

    Google Scholar 

  24. Cannady, J.: Applying CMAC-based online learning to intrusion detection. In: Proceedings of the International Joint Conference on Neural Networks, (IJCNN 2000), IEEE-INNS-ENNS, vol. 5, pp. 405–410 (2000)

    Google Scholar 

  25. Debar, H., Becker, M., Siboni, D.: A neural network component for an intrusion detection system. In: Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 240–250 (1992)

    Google Scholar 

  26. Cheng, E., Jin, H., Han, Z., Sun, J.: Network-based anomaly detection using an elman network. In: Lu, X., Zhao, W. (eds.) ICCNMC 2005. LNCS, vol. 3619, pp. 471–480. Springer, Heidelberg (2005). doi:10.1007/11534310_51

    Chapter  Google Scholar 

  27. Höglund, A.J., Hätönen, K., Sorvari, A.S.: A computer host-based user anomaly detection system using the self-organizing map. In: Proceedings of the IEEE-INNS-ENNS International Joint Conference on Neural Networks (IJCNN 2000), vol. 5, pp. 411–416 (2000)

    Google Scholar 

  28. Ramadas, M., Ostermann, S., Tjaden, B.: Detecting anomalous network traffic with self-organizing maps. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 36–54. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45248-5_3

    Chapter  Google Scholar 

  29. Sarasamma, S.T., Zhu, Q.A., Huff, J.: Hierarchical Kohonen net for anomaly detection in network security. IEEE Trans. Syst. Man Cybern. Part B 35(2), 302–312 (2005)

    Article  Google Scholar 

  30. Jirapummin, C., Wattanapongsakorn, N., Kanthamanon, P.: Hybrid neural networks for intrusion detection system. In: Proceedings of the International Technical Conference on Circuits/Systems, Computers and Communications, Thailand, pp. 928–931 (2002)

    Google Scholar 

  31. Horeis, T.: Intrusion detection with neural networks – Combination of self-organizing maps and radial basis function networks for human expert integration, Technical report. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.106.191&rep=rep1&type=pdf

  32. Chimphlee, W., Abdullah, A.H., Sap, M.N.M.: Anomaly-based intrusion detection using fuzzy rough clustering. In: Proceedings of the International Conference in Hybrid Information Technology (ICHIT 2006), vol. 1, pp. 329–334 (2006)

    Google Scholar 

  33. Dickerson, J.E., Juslin, J., Koukousoula, J., Dickerson, J.A. Fuzzy intrusion detection. In: Proceedings of the 20th International Conference of the North American Fuzzy Information Society (NAFIPS 2001) and Joint the 9th IFSA World Congress, 3, Vancouver, Canada, vol. 3, pp. 1506–1510 (2001)

    Google Scholar 

  34. Forrest, S., Perelson, A., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 202–212 (1994)

    Google Scholar 

  35. Forrest, S., Hofmeyr, S., Somayaji, A.: Computer Immunology. Commun. ACM 40(10), 88–96 (1997)

    Article  Google Scholar 

  36. Hofmeyr, S., Forrest, S.: Immunity by design. In: Proceeding of the Genetic and Evolutionary Computation Conference (GECCO 1999), pp. 1289–1296 (1999)

    Google Scholar 

  37. Burnet, F.: The Clonal Selection Theory of Acquired Immunity. Cambridge University Press, Cambridge (1959)

    Google Scholar 

  38. Burnet, F.: Clonal selection and after. In: Bell, G., Perelson, A., Pimbley, G. (eds.) Theoretical Immunology, pp. 63–85. Marcel Dekker Inc., New York (1978)

    Google Scholar 

  39. Jerne, N.: Towards a network theory of the immune system. Ann. Immunology (Inst. Pasteur) 125C, 373–389 (1974)

    Google Scholar 

  40. Greensmith, J., Whitbrook, A., Aickelin, U.: Artificial immune systems. In: Handbook of Metaheuristics, 2nd edn., vol. 14, pp. 421–448. Springer, New York (2010)

    Google Scholar 

  41. Greensmith, J., Aickelin, U.: The deterministic dendritic cell algorithm. In: Bentley, P.J., Lee, D., Jung, S. (eds.) ICARIS 2008. LNCS, vol. 5132, pp. 291–302. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85072-4_26

    Chapter  Google Scholar 

  42. Coico, R., Sunshine, G., Benjamini, E.: Immunology: A Short Course. Wiley-Liss (2003)

    Google Scholar 

  43. Murphy, K., Travers, P., Walport, M.: Janeway’s Immunobiology. Garland Science, 7th edn. (2008)

    Google Scholar 

  44. Stibor, T., Mohr, P., Timmis, J., Eckert, C.: Is negative selection appropriate for anomaly detection? In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2005), pp. 321–328. Springer (2005)

    Google Scholar 

  45. Harmer, P., Williams, P., Gunsch, G., Lamont, G.: An artificial immune system architecture for computer security applications. IEEE Trans. Evol. Comput. 6(3), 252–280 (2002)

    Article  Google Scholar 

  46. Balthrop, J., Esponda, F., Forrest, S., Glickman, M.: Coverage and generalization in an artificial immune system. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2002), pp. 3–10 (2002)

    Google Scholar 

  47. Stibor, T., Bayarou, K., Eckert, C.: An investigation of r-chunk detector generation on higher alphabets. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2004), pp. 299–307 (2004)

    Google Scholar 

  48. Gonzales, F., Dasgupta, D., Gomez, J.: The effect of binary matching rules in negative selection. In: Proceedings of the Genetic and Evolutionary Computation Conference (GECCO 2003), pp. 198–209 (2003)

    Google Scholar 

  49. Kim, J., Bentley, P., Aickelin, U., et al.: Immune system approaches to intrusion detection – A review. Natural Comput. 6(4), 413–466 (2007). Springer

    Article  MATH  MathSciNet  Google Scholar 

  50. Haykin, S.: Neural Networks: A Comprehensive Foundation, p. 842. Prentice Hall, Upper Saddle River (1999)

    Google Scholar 

  51. Golovko, V., Bezobrazov, S., Kachurka, P., Vaitsekhovich, L.: Neural network and artificial immune systems for malware and network intrusion detection. In: Koronacki, J., Raś, Z.W., Wierzchoń, S.T., Kacprzyk, J. (eds.) Advances in Machine Learning II. SCI, vol. 263, pp. 485–513. Springer, Heidelberg (2010)

    Google Scholar 

  52. Komar, M., Golovko, V., Sachenko, A., Bezobrazov, S.: Development of neural network immune detectors for computer attacks recognition and classification. In: Proceedings of the 7th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS-2013), Berlin, Germany, vol. 2, pp. 665–668 (2013)

    Google Scholar 

  53. Komar, M., Sachenko, A., Golovko, V., Bezobrazov, S.: Method of detection of computer attacks by the neural network artificial immune system, Pat. Number 109640 Ukraine (2015) (in Ukrainian)

    Google Scholar 

  54. Komar, M., Sachenko, A., Bezobrazov, S., Golovko, V., Intelligent cyber defense system. In: Proceedings of the 12th International Conference on ICT in Education, Research and Industrial Applications. Integration, Harmonization and Knowledge Transfer (ICTERI 2016), Kyiv, Ukraine, 21–24 June, pp. 534–549. CEUR-WS.org (2016)

    Google Scholar 

  55. Scholz, M., Fraunholz, M., Selbig, J.: Nonlinear principal component analysis: neural network models and applications. In: Gorban, A.N., Kégl, B., Wunsch, D.C., Zinovyev, A.Y. (eds.) Principal Manifolds for Data Visualization and Dimension Reduction, pp. 44–67. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  56. Komar, M., Golovko, V., Sachenko, A., Bezobrazov S.: Intelligent system for detection of networking intrusion. In: Proceedings of the 6th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS-2011), Prague, vol. 1, pp. 74–377. Czech Republic (2011)

    Google Scholar 

  57. Hinton, G., Osindero, S., Teh, Y.: A fast learning algorithm for deep belief nets. Neural Comput. 18, 1527–1554 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  58. Bengio, Y.: Learning deep architectures for AI. Found. Trends Mach. Learn. 2(1), 1–127 (2009)

    Article  MATH  MathSciNet  Google Scholar 

  59. Golovko, V., Kroshchanka, A., Rubanau, U., Jankowski, S.: A learning technique for deep belief neural networks. In: Golovko, V., Imada, A. (eds.) ICNNAI 2014. CCIS, vol. 440, pp. 136–146. Springer, Cham (2014). doi:10.1007/978-3-319-08201-1_13

    Chapter  Google Scholar 

  60. Sachenko A., Komar M.: Intrusion detection system based on neural networks. Zeszyty Naukowe. Organizacja i Zarządzanie, Politechnika Śląska 68, 377–386 (2014)

    Google Scholar 

  61. Fawcett, T.: Using rule sets to maximize ROC Performance. In: Proceedings of the IEEE International Conference on Data Mining (ICDM–2001), Los Alamitos, pp. 131–138 (2001)

    Google Scholar 

Download references

Acknowledgements

This work is running under a grant by the Ministry of Education and Sciences, Ukraine, 2016–2017 as well as it’s supported by the Belarusian State Research Program “Informatics and Space”, 2011–2015.

Author information

Authors and Affiliations

  1. Research Institute for Intelligent Computer Systems, Ternopil National Economic University, Ternopil, Ukraine

    Myroslav Komar & Anatoliy Sachenko

  2. Silesian University of Technology, Zabrze, Poland

    Anatoliy Sachenko

  3. Brest State Technical University, Brest, Belarus

    Sergei Bezobrazov & Vladimir Golovko

Authors
  1. Myroslav Komar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anatoliy Sachenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sergei Bezobrazov
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Vladimir Golovko
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Myroslav Komar .

Editor information

Editors and Affiliations

  1. Western Sydney University , Penrith, New South Wales, Australia

    Athula Ginige

  2. Institute of Applied Informatics, Alpen-Adria-Universität Klagenfurt , Klagenfurt, Austria

    Heinrich C. Mayr

  3. University of Crete , Heraklion, Greece

    Dimitris Plexousakis

  4. Zaporozhye National University , Zaporozhye, Zaporiz'ka, Ukraine

    Vadim Ermolayev

  5. Taras Shevchenko National University of Kyiv , Kiev, Ukraine

    Mykola Nikitchenko

  6. V.N. Karazin Kharkiv National University , Kharkiv, Ukraine

    Grygoriy Zholtkevych

  7. Kherson State University , Kherson, Ukraine

    Aleksander Spivakovskiy

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Komar, M., Sachenko, A., Bezobrazov, S., Golovko, V. (2017). Intelligent Cyber Defense System Using Artificial Neural Network and Immune System Techniques. In: Ginige, A., et al. Information and Communication Technologies in Education, Research, and Industrial Applications. ICTERI 2016. Communications in Computer and Information Science, vol 783. Springer, Cham. https://doi.org/10.1007/978-3-319-69965-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-69965-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69964-6

  • Online ISBN: 978-3-319-69965-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation