Keywords: Intrusion Detection


Use the Brute_Force Pattern Matching Algorithm for Misuse Intrusion Detection System

Haleema Essa Sulaiman

AL-Rafidain Journal of Computer Sciences and Mathematics, 2019, Volume 13, Issue 1, Pages 68-85
DOI: 10.33899/csmj.2020.163510

Security issues, like network intrusion and viruses, have increased widely with the growth of computer applications and networks. Therefore, it becomes necessary to develop methods to protect information from malicious attacks within different environments. One of these methods is to use an intrusion detection system for the detection of different interventions.
The research presents a way to detect misuse intrusion (a Misuse Detection System) by classifying events as either Normal Events or Intrusion Events. This classification process is based on one of the string pattern matching algorithms, the Brute_Force algorithm.
The Brute_Force algorithm is used after a comparison between this algorithm and two other algorithms (Knuth-Morris-Pratt string matching and the Boyer-Moore algorithm).
The data processed in the work is taken from the KDD list. The written version of this data is similar in format to comma-separated values (CSV) files. This data was converted to tables, and these tables were then compared in order to categorize events using the algorithm mentioned above. The Java language, as one of the most powerful programming languages, was used in this work, and the Eclipse environment was adopted for writing the Java classes used in the work.
 

Using Artificial Intelligence Techniques For Intrusion Detection System

Manar Y. Ahmed; Bayda I. Khaleel

AL-Rafidain Journal of Computer Sciences and Mathematics, 2013, Volume 10, Issue 1, Pages 157-175
DOI: 10.33899/csmj.2013.163433

The development and growth of the Internet, together with the rapid expansion of the World Wide Web and local network systems, have changed the computing world in the last decade. Nowadays, as more people make use of the Internet, their computers and the valuable data their computer systems contain become more exposed to attackers. Therefore, there is an increasing need to protect computers and networks from attacks and unauthorized access, and hence for network intrusion classification and detection systems to prevent unlawful access. This work takes advantage of the classification and detection abilities of Artificial Intelligence Techniques (AITs) algorithms to recognize intrusions (attacks) and also detect new attacks. These algorithms are used as multi-class and binary classifiers for network intrusion and to detect it. AITs such as unsupervised and supervised fuzzy clustering algorithms (Fuzzy C-Means FCM, Gustafson-Kessel GK, and Possibilistic C-Means PCM) were applied to classify intrusions into 23 classes according to the subtype of attack. The same dataset is also classified into 5 classes according to the type of attack (Normal, DoS, Probe, U2R, R2L), and into 2 classes (Normal and Attack), one for normal traffic and another for attacks. These algorithms are also used to detect intrusion.
Other techniques were also used: an artificial neural network (ANN), represented by the counter propagation neural network (CPN), which uses hybrid learning (supervised and unsupervised), was applied to classify intrusions into 23, 5 and 2 classes and to detect network intrusions. We then combined fuzzy c-means with the two layers (Kohonen layer and Grossberg layer) of the counter propagation neural network to produce the proposed approach, called the fuzzy counter propagation neural network (FCPN), which was applied to classify network intrusions into 23, 5 and 2 classes and to detect intrusion. The DARPA 1999 (Defense Advanced Research Project Agency) dataset, represented by the Knowledge Discovery and Data mining (KDD) Cup 99 dataset, was used for both training and testing. This research evaluates the performance of the approaches used, which obtained high classification and detection rates with a low false alarm rate. The performance of the proposed FCPN approach is the best when compared with the other approaches used and with previous works. Finally, this research compares the results obtained from applying these algorithms to this dataset, and FCPN is the best approach; the implementation ran on a laptop with a 2.27 GHz CPU and 2.00 GB of RAM.
 

Principle Components Analysis and Multi Layer Perceptron Based Intrusion Detection System

Najla B. Ibraheem; Muna M. T. Jawhar; Hana M. Osman

AL-Rafidain Journal of Computer Sciences and Mathematics, 2013, Volume 10, Issue 1, Pages 127-135
DOI: 10.33899/csmj.2013.163430

Security has become an important issue for networks. Intrusion detection technology is an effective approach to dealing with the problems of network security. In this paper, we present an intrusion detection model based on PCA and MLP. The key idea is to take advantage of the different features of the NSL-KDD data set, choose the best features of the data, and use a neural network for classification in intrusion detection. The new model has the ability to distinguish an attack from normal connections. Training and testing data were obtained from the complete NSL-KDD intrusion detection evaluation data set.
 

Practical Comparison Between Genetic Algorithm and Clonal Selection Theory on KDD Dataset

Najlaa Badie Aldabagh; Mafaz Muhsin Khalil

AL-Rafidain Journal of Computer Sciences and Mathematics, 2010, Volume 7, Issue 3, Pages 121-140
DOI: 10.33899/csmj.2010.163917

This paper compares two models in the field of intrusion detection: the common genetic algorithm and the new clonal selection theory. The genetic algorithm (GA) is a model of genetic evolution, while clonal selection theory (CST) is one of the models of the natural immune system (NIS). The two models come from two different fields of Artificial Intelligence (AI), but they share a portion of their operations and objectives. The comparison is done by applying the two models to some records of the Knowledge Discovery and Data mining tools known as the KDD data sets (which record data about the packets entering the computer system from the Internet), to produce a population (in the case of GA) or antibodies (in the case of CST) that can recognize these abnormal records.