Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

This is an Open Access publication published under CSC-OpenAccess Policy.


Top researchers from over 74 countries worldwide have trusted us because of quality publications.

United States of America
United Kingdom
Saudi Arabia
Implementation of Echostate Network in NIDS
Meera Gandhi, S.K. Srivatsa
Pages - 73 - 86     |    Revised - 15-02-2008     |    Published - 30-02-2008
Volume - 2   Issue - 1    |    Publication Date - February 2008  Table of Contents
Echo state network, Intrusion detection, misuse detection, neural networks, computer security
Identifying instances of network attacks by comparing current activity against the expected actions of an intruder has become an important. Most current approaches to misuse detection involve the use of rule-based expert systems to identify indications of known attacks. Artificial neural networks provide the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. Transmission of data over the internet keeps on increasing, which needs to protect connected systems also increasing. Intrusion Detection Systems (IDSs) are the latest technology used for this purpose. Although the field of IDSs is still developing, the systems that do exist are still not complete, in the sense that they are not able to detect all types of intrusions. Some attacks which are detected by various tools available today cannot be detected by other products, depending on the types and methods that they are built on. In this work, an artificial neural network using echo state network algorithm has been used to implement the IDS. This paper proposes an approach to implement recurrent echo state network real time IDS. Twenty four packet information both normal and intrusion have been considered for training. Testing has been done with new sets of packet information. The result of intrusion detection (ID) is very close to 90%. The topology of the echo state network is (41 X 20 X 1). The network converged with 24 iterations. However, very huge amount of packets are to be evaluated to know the complete performance of the developed system.
1 Google Scholar 
2 Academic Journals Database 
3 ScientificCommons 
4 Academic Index 
5 CiteSeerX 
6 iSEEK 
7 Socol@r  
8 ResearchGATE 
9 Bielefeld Academic Search Engine (BASE) 
10 Scribd 
11 WorldCat 
12 SlideShare 
14 PdfSR 
1 Rumelhart, D. E., Hinton, G. E., & Williams, R. J. (1986). Learning internal representations by error propagation. In D. E. Rumelhart, J. L. McClelland, & the PDP Research Group (Eds.), Parallel distributed processing: Explorations in the microstructure of cognition (Vol.1, pp. 318- 362).
2 Denning, Dorothy. (February, 1987). An Intrusion-Detection Model. IEEE Transactions on Software Engineering, Vol. SE-13, No. 2.
3 Lippmann.R.P,; AN Introduction to computing with neural nets;IEEE Transactions on ASSP Mag. 35,4(2) 4-22, 1987.
4 Fox, Kevin L., Henning, Rhonda R., and Reed, Jonathan H. (1990). A Neural Network Approach Towards Intrusion Detection. In Proceedings of the 13th National Computer Security Conference.
5 HIROSE,Y., YAMSHITA,K., AND HIJIYA,S., 1991, Back-propagation algorithm which varies the number of hidden units, Neural Networks, Vol.4, No.1, pp-61-66.
6 Debar, H. & Dorizzi, B. (1992). An Application of a Recurrent Network to an Intrusion Detection System. In Proceedings of the International Joint Conference on Neural Networks. pp. ( II)478-483.
7 Debar, H., Becke, M., & Siboni, D. (1992). A Neural Network Component for an Intrusion Detection System. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy.
8 Hammerstrom, Dan. (June, 1993). Neural Networks At Work. IEEE Spectrum. pp. 26- 53.
9 BERSHAD, N.J., SHYNK, J.J., AND FEINTUCH, P.L., 1993, Statistical analysis of the single-layer-back-propagation algorithm: Part-I-Mean weight behaviour, IEEE Trans. on Acoustics, Speech and Signal Processing, Vol.41, No.2, pp.573-582.
10 BERSHAD, N.J., SHYNK, J.J., AND FEINTUCH, P.L., 1993, Statistical analysis of the single-layer back-propagation algorithm: Part-II-NMSE and classification performance, IEEE Transactions on Acoustics, Speech and Signal Processing, Vol.41, No.2, pp.583- 591.
11 Helman, P. and Liepins, G., (1993). Statistical foundations of audit trail analysis for the detection of computer misuse, IEEE Trans. on Software Engineering, 19(9):886-901.
12 Ilgun, K. (1993). USTAT: A Real-time Intrusion Detection System for UNIX. In Proceedings of the IEEE Symposium on Research in Security and Privacy. pp. 16-28.
13 Denault, M., Gritzalis, D., Karagiannis, D., and Spirakis, P. (1994). Intrusion Detection: Approach and Performance Issues of the SECURENET System. In Computers and Security Vol. 13, No. 6, pp. 495-507
14 Frank, Jeremy. (1994). Artificial Intelligence and Intrusion Detection: Current and Future Directions. In Proceedings of the 17th National Computer Security Conference.
15 Mukherjee, B., Heberlein, L.T., Levitt, K.N. (May/June, 1994). Network Intrusion Detection. IEEE Network. pp. 28-42.
16 Chung, M., Puketza, N., Olsson, R.A., & Mukherjee, B. (1995) Simulating Concurrent Intrusions for Testing Intrusion Detection Systems:Parallelizing. In Proceedings of the 18th NISSC. pp. 173-183.
17 Cramer, M., et al. (1995). New Methods of Intrusion Detection using Control-Loop Measurement. In Proceedings of the Technology in Information Security Conference (TISC) ’95. pp. 1-10.
18 Kohonen, T. (1995) Self-Organizing Maps. Berlin: Springer.
19 Staniford-Chen, S. (1995, May 7). Using Thumbprints to Trace Intruders. UC Davis.
20 Tan, K. (1995). The Application of Neural Networks to UNIX Computer Security. In Proceedings of the IEEE International Conference on Neural Networks, Vol.1 pp. 476 – 481.
21 Ghost, A.K., et al. (September 27, 1997). “Detecting Anomalous and Unknown Intrusions Against Programs in Real-Time”. DARPA SBIR Phase I Final Report. Reliable Software Technologies.
22 Porras, P. & Neumann, P. (1997). EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In Proceedings of the 20th NISSC.
23 Puketza, N., Chung, M., Olsson, R.A. & Mukherjee, B. (September/October, 1997). A Software Platform for Testing Intrusion Detection Systems. IEEE Software, Vol. 14, No. 5
24 Ryan, J., Lin, M., and Miikkulainen, R. (1997). Intrusion Detection with Neural Networks. AI Approaches to Fraud Detection and Risk Management: Papers from the 1997 AAAI Workshop (Providence, Rhode Island), pp. 72-79. Menlo Park, CA: AAAI.
25 Tan, K.M.C & Collie, B.S. (1997). Detection and Classification of TCP/IP Network Services. In Proceedings of the Computer Security Applications Conference. pp. 99-107.
26 Sebring, M., Shellhouse, E., Hanna, M. & Whitehurst, R. (1988) Expert Systems in Intrusion Detection: A Case Study. In Proceedings of the 11th National Computer Security Conference.
27 GRAHAM, R. 2000. FAQ: Network Intrusion Detection Systems, http://www.robertgraham.com
28 Jaeger, H.; The echo state approach to analyzing and training recurrent neural networks; (Tech.Rep. No. 148). Bremen: German National Research Center for Information Technology, 2001.
29 BACE, R. 2002. Intrusion Detection, Macmillan Technical Publishing
30 Jaeger, H.; Tutorial on training recurrent neural networks, covering BPPT, RTRL,EKF and the “echo state network” approach (Tech. Rep. No. 159).; Bremen: German National Research Center for Information Technology, 2002.
31 Jaeger, H;. Short term memory in echo state networks; (Tech. Rep. No. 152) Bremen: German National Research Center for Information Technology. 2002.
32 KAZIENKO, P., AND DOROSZ, P. 2003, Intrusion Detection Systems (IDS) Part I – network intrusions; attack symptoms; IDS tasks; and IDS
33 BACE, R AND MELL, P., 2004, NIST Special Publication on Intrusion Detection Systems, http://www.nist.gov
34 GORDEEV, M. 2004. Intrusion Detection Techniques and Approaches, http://www.ict.tuwein.ac.a
35 JEAN-PHILIPPE 2004, Application of Neural Networks to Intrusion Detection, http://www.sans.org
36 Albert Mo Kim Cheng,On-Time and Scalable Intrusion Detection in Embedded Systems, Real-Time Systems Laboratory,Department of Computer Science,University of Houston, TX 77204, USA
37 H. Günes Kayac?k, A. Nur Zincir-Heywood, Malcolm I. Heywood, Selecting Features for Intrusion Detection:A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets Dalhousie University, Faculty of Computer Science,,6050 University Avenue, Halifax, Nova Scotia. B3H 1W5
38 R.S.Michalski, K.A.Kaufman, J.Pietrzykowski, B.Sniezynski, J.Wojtusiak, Intelligent Information Systems 2006, New Trends in Intelligent Information Processing and Web Mining Ustron, Poland, June 19-22, 2006
39 Steven Cheung, Bruno Dutertre, Martin Fong, Ulf Lindqvist, Keith Skinner and Alfonso Valdes, Using Model-based Intrusion Detection for SCADA Networks,Computer Science Laboratory,SRI International,December 7, 2006
40 Ajith Abraham, Ravi Jain, Johnson Thomas and Sang Yong Han, D-SCIDS: Distributed SoftComputing intrusion detection system, Journal of Network and Computer Applications 30 (2007) ,PP 81–98
Mr. Meera Gandhi
- India
Mr. S.K. Srivatsa
- India