Author(s) Abdulkader A. Alfantookh
Affiliation Department of Computer Science, College of Computer & Information Sciences, King Saud University, P.O. Box 51178, Riyadh 11543, Saudi Arabia. E-mail: fantookh@ksu.edu.sa
Title DoS Attacks Intelligent Detection Using Neural Networks
Source Journal of King Saud University. Computer & Information Sciences. Volume 18, No 1. (2006/1426)
Abstract The potential damage to computer networks keeps increasing due to a growing reliance on the Internet and more extensive connectivity. Intrusion detection systems (IDSs) have become an essential component of computer security to detect attacks that occur despite the best preventive measures. A problem with current intrusion detection systems is that they have many false positive and false negative events. Most of the existing intrusion detection systems implemented nowadays depend on rule-based expert systems where new attacks are not detectable. In this paper, a possible application of Neural Networks is presented as a component of an intrusion detection system. An intrusion detection system called Denial of Service Intelligent Detection (DoSID) is developed. The type of Neural Network used to implement DoSID is feed forward which uses the backpropagation learning algorithm. The data used in training and testing is the data collected by Lincoln Labs at MIT for an intrusion detection system evaluation sponsored by the U.S. Defense Advanced Research Projects Agency (DARPA). Special features of connection records have been identified to be used in DoS (Denial-of-Service) attacks. Several experiments have been conducted to test the ability of the Neural Network to distinguish known and unknown attacks from normal traffic. Results show that normal traffic and known attacks are discovered 91% and 100% respectively. Also, it has been shown in the final experiment that the false negative of the system has been reduced considerably.
Keywords Intrusion detection, Neural Network, Anomaly detection, Network-based detection, Denial-of-Service