1 Introduction
2 Related work
2.1 Intrusion detection technology
2.2 Artificial neural network technology
2.2.1 Basic principles of neurons
2.2.2 The basic structure of artificial neural networks
2.3 Typical model of artificial neural network
2.3.1 Hopfield Network
2.3.2 Back propagation network
2.3.3 Adaptive resonance theory (ART)
2.3.4 Learning vector quantization network
3 Methods
3.1 System design
3.2 Selection of neural network types
3.3 BP network design
Duration | Protocol type | Serve type | Link status | SR byte | RS byte | Land | Wrong frame | Urgent |
4 Experience
Sample type | Number of samples |
---|---|
Normal | 54,669 |
Neptune | 400 |
Udpstorm | 2000 |
Process Table | 1232 |
Back | 689 |
Apache2 | 1500 |
Teardrop | 90 |
Warezmaster | 215 |
Sshprocesstable | 1111 |
POD | 584 |
Smurf | 112 |
Selfping | 137 |
Mailbomb | 200 |
Warezclient | 50 |
Syslogd | 1 |
Crashiis | 4 |
Tcpreset | 6 |
Land | 1 |
Dosnuke | 9 |
Number of neurons | 15 | 17 | 20 | 22 | 25 |
---|---|---|---|---|---|
Number of training | 454 | 308 | 226 | 79 | 49 |
Final error | 0.002918 | 0.002930 | 0.002997 | 0.002995 | 0.002980 |
Type of data | 15 neurons (%) | 17 neurons (%) | 20 neurons (%) | 22 neurons (%) | 25 neurons (%) |
---|---|---|---|---|---|
Neptune | 97.50 | 95.50 | 97.50 | 96.00 | 98.25 |
Process table | 39.04 | 36.12 | 38.47 | 30.08 | 43.10 |
Back | 86.50 | 76.34 | 81.86 | 70.25 | 87.52 |
Apache2 | 90.40 | 62.20 | 84.93 | 59.53 | 95.95 |
Teardrop | 76.67 | 44.44 | 68.89 | 38.895 | 78.89 |
Warezmaster | 53.48 | 48.37 | 52.56 | 46.51 | 59.07 |
Sshprocesstable | 62.47 | 53.11 | 60.22 | 50.45 | 65.08 |
POD | 99.49 | 98.46 | 99.32 | 97.95 | 99.49 |
Smurf | 31.25 | 34.82 | 32.14 | 39.29 | 23.21 |
Mailbomb | 26.50 | 18.50 | 22.50 | 16.00 | 28.50 |
Udpstorm | 0 | 0 | 0 | 0 | 0 |
Selfping | 0 | 0 | 0 | 0 | 0 |
Warezsilent | 0 | 0 | 0 | 0 | 0 |
Syslogd | 0 | 0 | 0 | 0 | 0 |
Crashiis | 0 | 0 | 0 | 0 | 0 |
Land | 0 | 0 | 0 | 0 | 0 |
Dosnuke | 0 | 0 | 0 | 0 | 0 |