Testing CAB-IDS Through Mutations: On the Identification of Network Scans

Abstract

This study demonstrates the ability of powerful visualization tools (based on connectionist models) to identify network intrusion attempts effectively and reliably. It presents a novel technique for testing and evaluating a previously developed network-based intrusion detection system (IDS). The technique applies mutant operators and is intended to test IDSs that work on numerical data sets. Some mutations were discarded because they did not correspond to real-life situations. As an application example of the proposed testing model, it was applied specifically to the identification of network scans and of mutations of these. The tested Connectionist Agent-Based IDS (CAB-IDS) investigates the traffic travelling along the analysed network and detects anomalous traffic patterns. The specific tests performed in this study were based on the mutation of one or several of the variables analysed by CAB-IDS.



Author information

Authors and Affiliations

  1. Department of Civil Engineering, University of Burgos, Spain
    Emilio Corchado, Álvaro Herrero & José Manuel Sáiz


Editor information

Editors and Affiliations

  1. School of Design, Engineering and Computing, Bournemouth University, UK
    Bogdan Gabrys
  2. Centre for SMART Systems, School of Environment and Technology, University of Brighton, BN2 4GJ, Brighton, UK
    Robert J. Howlett
  3. School of Electrical and Information Engineering, Knowledge Based Intelligent Engineering Systems Centre, University of South Australia, SA, 5095, Mawson Lakes, Australia
    Lakhmi C. Jain

Rights and permissions

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Corchado, E., Herrero, Á., Sáiz, J.M. (2006). Testing CAB-IDS Through Mutations: On the Identification of Network Scans. In: Gabrys, B., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2006. Lecture Notes in Computer Science, vol. 4252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893004_56