RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks

To link to full-text access for this article, visit this link: http://dx.doi.org/10.1016/j.cose.2006.05.003 Byline: Morteza Amini, Rasool Jalili, Hamid Reza Shahriari Abstract: With the growing rate of network attacks, intelligent methods for detecting new attacks have attracted increasing interest. The RT-UNNID system, introduced in this paper, is one such system, capable of intelligent real-time intrusion detection using unsupervised neural networks. Unsupervised neural nets can improve their analysis of new data over time without retraining. In previous work, we evaluated Adaptive Resonance Theory (ART) and Self-Organizing Map (SOM) neural networks using offline data. In this paper, we present a real-time solution using unsupervised neural nets to detect known and new attacks in network traffic. We evaluated our approach using 27 types of attack, and observed 97% precision using ART nets, and 95% precision using SOM nets. Author Affiliation: Department of Computer Engineering, Sharif University of Technology, Azadi Avenue, Tehran, Iran Article History: Received 25 April 2005; Revised 4 April 2006; Accepted 18 May 2006