Abstract
This paper presents a novel approach to detection of malicious network traffic using artificial neural networks suitable for use in deep packet inspection based intrusion detection systems. Experimental results using a range of typical benign network traffic data (images, dynamic link library files, and a selection of other miscellaneous files such as logs, music files, and word processing documents) and malicious shell code files sourced from the online exploit and vulnerability repository exploitdb [1], have shown that the proposed artificial neural network architecture is able to distinguish between benign and malicious network traffic accurately. The proposed artificial neural network architecture obtains an average accuracy of 98%, an average area under the receiver operator characteristic curve of 0.98, and an average false positive rate of less than 2% in repeated 10-fold cross-validation. This shows that the proposed classification technique is robust, accurate, and precise. The novel approach to malicious network traffic detection proposed in this paper has the potential to significantly enhance the utility of intrusion detection systems applied to both conventional network traffic analysis and network traffic analysis for cyber–physical systems such as smart-grids.
4. Conclusions and further work
The intelligent intrusion detection system outlined in this paper significantly improves upon the performance of signature-based detection methods by utilising an artificial neural network classifier for the identification of shellcode patterns in network traffic. The ANN-based classifier not only achieves perfect sensitivity on the test dataset (identifying all instances of shellcode), it also exhibits excellent precision (minimising the number of false positives identified). The performance of the proposed approach was then further evaluated with respect to the false positive rate by testing on an extremely large (400,000 samples) set of benign network traffic file content, where the proposed approach achieved a false positive rate of less than 2%. Minimising the false positive rate is a major concern for the application of network intrusion systems in the real world, as high levels of false positives result in an extremely poor signal-to-noise ratio and often render the system useless.
The research presented in this paper describes an offline approach to detecting shellcode patterns within data. Work is currently ongoing to integrate the approach proposed in this paper into online network intrusion detection systems and to test on real-time network data, with further real-time optimisations for live network traffic an active area of development. Another area identified for further work is the application of the intelligent approach to intrusion detection outlined here to other areas of network security such as the detection of cross-site scripting attacks and SQL injection attacks on web applications.