Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection


Soft Computing Techniques for Intrusion Detection
Srinivas Mukkamala & Andrew H. Sung
Department of Computer Science
New Mexico Tech
Socorro, New Mexico 87801, U.S.A.
srinivas|sung@cs.nmt.edu


Abstract:
Due to the growing awareness of computer security and the rapidly increasing number of reported security breaches and cyber attacks worldwide, enhanced security measures and various security devices are increasingly being utilized by governments, organizations, enterprises, and individuals alike to protect their computer systems and information assets. Anti-virus scans and firewalls have been in use for some time now and have provided effective protection. Since a complete security solution for networked computers must provide a mechanism to warn a system administrator of intrusions (anomalous uses and intended misuses or attacks) which cannot usually be detected by an anti-virus scan or a firewall, intrusion detection systems (IDSs) are also becoming more widely used in addition to anti-virus scanners and firewalls to provide complete protection. Even though it has been well recognized that IDSs are essential in protecting information systems security, building effective IDSs remains an elusive goal and a great challenge. Current IDSs suffer from a number of drawbacks that limit their efficacy in protecting against intrusions; some of the more fundamental problems of IDSs are detection accuracy (false positive alarms and false negatives), real-time performance (processing large amounts of traffic data in real time), new attack recognition (how to recognize new attacks when they are launched the first time), and scalability (the number of user profiles, attack signatures, etc. that need to be stored).


This paper concerns using soft computing techniques (artificial neural networks, support vector machines, genetic programming, multivariate adaptive regression splines and binary recursive partitioning) for intrusion detection. We investigate and compare the performance of IDSs using a few soft computing and machine learning techniques, using a well-known set of intrusion evaluation data gathered by DARPA. Through a variety of comparative experiments, it is found that, with an ensemble of appropriately chosen soft computing techniques, IDS detection performance can be enhanced. In our recent work, SVMs are found to be superior to ANNs in three critical aspects of intrusion detection:
- Accuracy: SVMs achieve higher accuracy (in the high 90% range) than the best-trained ANNs
- Training Time and Testing Time: SVMs' training time and testing time are an order of magnitude faster than ANNs'
- Scalability: SVMs scale much better than ANNs
We describe our investigation methodology, report experimental results, report the key features identified by various soft computing and machine learning techniques, and conclude by describing an ongoing effort of identifying good detection techniques for classifying intrusions.
