Full Article - PDF - Scholarly Journals
Scholarly Journal of Mathematics and Computer Science Vol. 2(3), pp. 28-32, June 2013
Available online at http://www.scholarly-journals.com/SJMCS
ISSN 2276-8947 © 2013 Scholarly-Journals
Full Length Research Paper
A survey on soft computing techniques in network security
Rashid Husain and Saifullahi Muhammad
Department of Computer Science, Kebbi State University of Science and Technology, Aliero
Department of Mathematical Sciences and IT, Federal University, Dutsin-Ma, Katsina
Accepted 13 June, 2013
Network servers are vulnerable to attack, and this state of affairs shows no sign of abating. Security measures to protect vulnerable software are therefore an important part of keeping systems secure. Intrusion detection systems have the potential to improve the state of affairs, because they can independently learn a model of normal behavior from a set of training data and then use the model to detect novel attacks. Intrusion detection is one of the key parts of system defense. Many soft computing techniques have been proposed and are presently in use in IDS. In this paper we survey various soft computing techniques such as Artificial Neural Networks, Genetic Algorithms, Fuzzy Logic, Support Vector Machines, Probabilistic Reasoning, etc. IDS use soft computing because of its capability to detect both known and unknown attacks on a network. We also describe the use of these soft computing techniques in IDS.
Key words: Fuzzy Logic, Support Vector Machines (SVM), Artificial Neural Network, Security, Soft Computing, Intrusion Detection System (IDS).
INTRODUCTION
This is an information era. Information can be accessed in a variety of ways. Additionally, the retrieving, processing, disseminating and storing of information have become more complex than before. Computer networks play an increasingly important role in current society and have completely changed human life. Information has become an organization's most precious asset (Abraham and Chen, 2004), so securing that asset is essential. The security level of processed information can vary from private and commercial to military and state secret. Violation of the confidentiality, integrity and accessibility of information may damage its owner and have significant undesirable consequences. The problem of information security therefore concerns many organizations and companies, and developing security facilities requires significant contributions (Elliott et al., 1993). To defend computer systems, customary mechanisms are applied, such as identification and authentication, delimitation and restriction of access to information, and cryptographic methods. With the arrival of soft computing (Bonissone, P., 1997), intrusion detection has become an integral part of the security process.
*Corresponding author. E-mail: rashid65_its@yahoo.com.
MATERIAL AND METHODS
Intrusion Detection
Intrusion detection can be defined as the process of monitoring and analyzing the events occurring in a computer and/or network system in order to detect signs of security problems (Kuo et al., 1999). The goal of intrusion detection is to discover intrusions into a computer or network by observing various network activities or attributes. Here intrusion refers to any set of actions that threatens the integrity, availability, or confidentiality of a network resource. Given the explosive growth of the Internet and the increased availability of tools for attacking networks, intrusion detection has become a critical component of network administration. While such detection usually includes some form of manual analysis, we focus on software systems for automating the analysis. IDS can be categorized by two aspects (Lakra et al., 2009):
1. The data source (host based / network based).
2. The model of intrusion detection (anomaly detection / misuse detection).
Figure 1. A generic view of intrusion detection system
Intrusion detection attempts to detect computer attacks by examining data records observed by processes on the same network. These attacks can be divided into two categories, host-based attacks and network-based attacks (Husain. R, 2012). Host-based attack detection normally uses system call data from an audit process that tracks all system calls made on behalf of each user on a particular machine. These audit processes usually run on each monitored machine. Network-based attack detection routines typically use network traffic data from a network sniffer (e.g. tcpdump). Many computer networks, including the widely accepted Ethernet network, use a shared medium for communication. In a misuse detection based IDS, intrusions are detected by looking for activities that correspond to known signatures of intrusions or vulnerabilities (Bouchard et al., 1999). An anomaly based IDS, on the other hand, detects intrusions by searching for abnormal network traffic. The intrusion detection system follows these steps when detecting abuse (Figure 1):
1. Monitoring and analyzing the traffic.
2. Identifying the abnormal activities.
3. Assessing severity and raising alarm.
Introduction to Soft Computing (Lakra et al., 2009)
Soft Computing is a general term for optimization and processing techniques that are tolerant of imprecision and uncertainty. The best approach for an Intrusion Detection System may be to combine the advantages of both the anomaly detection and misuse detection components into a single compound scheme that can also accommodate the imprecision inherent in the domain of network security. An effective IDS must use more than standard mathematical techniques; conventional analysis methods can be combined with soft computing techniques to synergistically create a more robust system. Soft computing differs from conventional (hard) computing in that, unlike hard computing, it is tolerant of imprecision, uncertainty, partial truth, and approximation (Abraham and Jain, 2004).
Figure 2. Components of Soft Computing
The principal constituents of Soft Computing are Fuzzy Logic, Neural Computing, and Evolutionary Computation (Figure 2). It is important to note that soft computing is not a mélange. Rather, it is a partnership in which each of the components contributes a distinct methodology for addressing problems in its domain. In this perspective, the principal constituent methodologies in soft computing are complementary rather than competitive (Wang et al., 1992).
Use of Various Soft Computing Methods and IDS (Kwong et al., 1996)
A number of soft computing techniques are available nowadays. In this section we discuss various techniques and their uses in IDS (network security).
Artificial Neural Network
Artificial Neural Networks are a form of connectionist learning, where knowledge is learned and remembered by a network of interconnected neurons, weighted synapses and threshold logic units. An ANN is an information processing system that is inspired by the way biological neuron systems, such as the brain, process information. It is composed of a large number of highly interconnected processing elements (neurons) working with each other to solve specific problems. Each processing element (neuron) is basically a summing element followed by an activation function (Hasnain et al., 2005). The output of each neuron (after applying the weight parameter associated with the connection) is fed as the input to all of the neurons in the next layer. The learning process is essentially an optimization process in which the best set of connection coefficients (weights) for solving a problem is found. Since ANNs are capable of making multi-class classifications, an ANN is employed to perform the intrusion detection (Lin et al., 1997).
Support Vector Machines (SVM)
Support Vector Machines have been proposed as a novel technique for intrusion detection. They are learning machines that place the training vectors in a high-dimensional feature space, labeling each vector by its class. SVMs are powerful tools for providing solutions to classification, regression, and density estimation problems (Coker et al., 1980). They are developed on the principle of structural risk minimization, which seeks to find a hypothesis for which one can find the lowest probability of error. SVMs classify data by determining a set of vectors from the training set, called support vectors, which outline a hyperplane in the feature space. The SVM approach transforms data into a feature space that usually has a high dimension. It is interesting to note that SVM generalization depends on the geometrical characteristics of the training data, not on the dimensions of the input space. Training a support vector machine (SVM) leads to a quadratic optimization problem with bound constraints and one linear equality constraint (Wang et al., 1992). There are other reasons we use SVMs for intrusion detection. The first is speed: as real-time performance is of primary importance in IDSs, any classifier that can potentially run “fast” is worth considering. The second reason is scalability: SVMs are relatively insensitive to the number of data points and the classification complexity does not depend on the dimensionality of the feature space, so they can potentially learn a larger set of patterns and thus be able to scale better than neural networks (Tang et al., 1996).
Fuzzy Logic
Fuzzy Logic, introduced by Zadeh (1965), gives us a language, with syntax and local semantics, into which we can translate our qualitative knowledge about the problem to be solved (Lin et al., 1997). FL's main characteristic is the robustness of its interpolative reasoning mechanism. Artificial Neural Networks require a “teacher” to provide data for the “learning”; an ANN mimics a human or other “teacher” by repeating exactly what the “teacher” did in exactly the same situation. Fuzzy Logic emphasizes rules that map situations to actions. It does not try to mimic exactly what the “teacher” does but aims at extracting the essence of the decision-making process of the “teacher” (Wang et al., 2003). Fuzzy concepts derive from fuzzy phenomena that commonly occur in the natural world. For instance, “rain” is a fuzzy concept in the statement “Today it is raining heavily”, since there is no clear boundary between “rain” and “heavy rain”. In intrusion detection, suppose we want to write a rule such as the one given below. We need to reason about a quantity such as the number of different destination IP addresses in the last 2 seconds:
IF the number of different destination addresses during the last n seconds was high THEN an unusual situation exists (Wu et al., 2004).
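The rule above, worked through as an added Python example (not code from the paper): the number of distinct destination addresses each source contacted within a sliding window is mapped to a degree of membership in the fuzzy set "high". The membership breakpoints (5 and 20), the 0.5 alert threshold and the flow records are constructed assumptions.

```python
from collections import defaultdict, deque

def mu_high(count, low=5, high=20):
    """Degree (0..1) to which `count` distinct destinations is HIGH.
    The breakpoints are assumed; a deployment would tune them."""
    if count <= low:
        return 0.0
    if count >= high:
        return 1.0
    return (count - low) / (high - low)

def rule_degrees(events, window=2.0):
    """events: (timestamp, src, dst) tuples.
    Returns {src: peak degree of 'an unusual situation exists'}."""
    recent = defaultdict(deque)      # per-source events inside the window
    peak = defaultdict(float)
    for ts, src, dst in sorted(events):
        q = recent[src]
        q.append((ts, dst))
        while q[0][0] < ts - window:  # drop events older than n seconds
            q.popleft()
        distinct = len({d for _, d in q})
        peak[src] = max(peak[src], mu_high(distinct))
    return dict(peak)

def unusual_sources(events, threshold=0.5):
    """Sources for which the rule fires at least to `threshold`."""
    return sorted(s for s, d in rule_degrees(events).items() if d >= threshold)

# Constructed flow records (documentation address ranges as destinations).
EVENTS = (
    # ordinary client: a few destinations, some repeated
    [(t, "10.0.0.5", d) for t, d in [(0.0, "192.0.2.1"), (0.5, "192.0.2.2"),
                                     (1.0, "192.0.2.1"), (3.0, "192.0.2.3")]]
    # 30 destinations, but one per second: never more than 3 per window
    + [(float(i), "10.0.0.6", f"192.0.2.{i + 10}") for i in range(30)]
    # 14 destinations in 1.3 s: partially "high"
    + [(1.0 + 0.1 * i, "10.0.0.9", f"198.51.100.{i}") for i in range(14)]
    # 25 destinations in 1.2 s: fully "high"
    + [(4.0 + 0.05 * i, "10.0.0.7", f"203.0.113.{i}") for i in range(25)]
)

if __name__ == "__main__":
    for src, degree in sorted(rule_degrees(EVENTS).items()):
        print(f"{src}: unusual to degree {degree:.2f}")
```

Unlike a crisp threshold, the rule reports the 14-destination source as partially unusual instead of forcing a yes/no decision at an arbitrary cut-off.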
Genetic Algorithms
Genetic Algorithms were developed based on the principles of genetics, using chromosomal operations such as crossover and mutation (Tang et al., 1996). In these algorithms a population of individuals (potential solutions) undergoes a sequence of unary (mutation) and higher order (crossover) transformations. After some number of generations the algorithm converges, and the best individuals represent the desirable optimal solution. As genetic algorithms can be implemented at machine code level, they can be fast enough to detect intrusions in real-time mode. In the automatic induction of machine code by genetic programming, individuals are manipulated directly as binary code in memory and executed directly without passing through an interpreter during fitness calculation (Kwong et al., 1996). The LGP tournament selection procedure puts the lowest selection pressure on the individuals by allowing only two individuals to participate in the tournament. A copy of the winner replaces the loser of each tournament. The process of determining which items are most useful is called feature selection in the machine learning literature. Genetic algorithms are used to select the measurements from the audit trail that are the best indicators for different classes of intrusions and to “tune” the membership function for the fuzzy variables (Lakra et al., 2009).
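An added Python example of the selection scheme and feature selection described above (not code from the paper): a two-contestant tournament in which a varied copy of the winner replaces the loser, evolving a bit mask over audit measurements. It works on bit masks rather than machine code, and the measurement names, records, nearest-centroid fitness and 0.01 per-measurement cost are constructed assumptions.

```python
import random
from functools import lru_cache

# Constructed audit records (label, measurements). Only the first two
# measurements carry signal; the four noise bits are identical across classes.
NAMES = ["syn_rate", "distinct_dsts", "bit_a", "bit_b", "bit_c", "bit_d"]
ROWS = []
for i in range(8):
    noise = [i % 2, i // 2 % 2, i // 4 % 2, (i + 1) % 2]
    ROWS += [("normal", [0.1, 0.1] + noise),
             ("dos", [0.9, 0.1] + noise),     # stands out on syn_rate
             ("probe", [0.1, 0.9] + noise)]   # stands out on distinct_dsts

@lru_cache(maxsize=None)
def fitness(mask):
    """Nearest-centroid accuracy using only the selected measurements,
    minus an assumed cost of 0.01 per measurement kept."""
    cols = [j for j, bit in enumerate(mask) if bit]
    cent = {}
    for label in ("normal", "dos", "probe"):
        members = [x for lab, x in ROWS if lab == label]
        cent[label] = [sum(x[j] for x in members) / len(members) for j in cols]
    hits = 0
    for label, x in ROWS:
        dist = {c: sum((x[j] - m) ** 2 for j, m in zip(cols, v))
                for c, v in cent.items()}
        hits += min(dist, key=dist.get) == label   # ties go to "normal"
    return hits / len(ROWS) - 0.01 * len(cols)

def evolve(pop_size=12, tournaments=2000, seed=1):
    """Steady-state GA over bit masks; returns (selected names, fitness)."""
    rng = random.Random(seed)
    n = len(NAMES)
    pop = [(1,) * n] + [tuple(rng.randint(0, 1) for _ in range(n))
                        for _ in range(pop_size - 1)]
    for _ in range(tournaments):
        win, lose = rng.sample(range(pop_size), 2)   # only two contestants
        if fitness(pop[win]) < fitness(pop[lose]):
            win, lose = lose, win
        mate = pop[rng.randrange(pop_size)]
        cut = rng.randrange(1, n)
        child = pop[win][:cut] + mate[cut:]          # crossover (two parents)
        child = tuple(b ^ (rng.random() < 1 / n) for b in child)  # mutation
        pop[lose] = child    # the varied copy of the winner replaces the loser
    best = max(pop, key=fitness)
    return [NAMES[j] for j, b in enumerate(best) if b], fitness(best)

if __name__ == "__main__":
    print(evolve())
```

Because the winner itself is never modified, the best fitness in the population cannot decrease from one tournament to the next.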
Genetic Fuzzy and Neuro Fuzzy
Many intrusion detection systems proposed in the literature are based on various techniques such as cryptographic techniques, encryption methods, etc. In recent times fuzzy logic based methods, together with techniques from Artificial Intelligence, have gained importance (Wang et al., 1992). However, none of them is foolproof; each has its advantages and limitations. Data mining techniques such as clustering (Prasad et al., 2008) and association rules, together with fuzzy logic to model fuzzy association rules, are being used for actually classifying data. These, together with genetic algorithm techniques such as genetic programming and with neural networks, are producing better results (Lakra et al., 2009).
CONCLUSION
In this paper we have provided a brief survey of soft computing techniques in a number of intrusion detection systems. Due to the increasing incidents of attacks on networks, building effective intrusion detection models with good accuracy and real-time performance is a prime concern. This area is developing continuously. More hybrid soft computing techniques should be investigated and their efficiency evaluated as intrusion detection models.
FUTURE WORK
According to various surveys, the number of viruses on networks is growing; this suggests that we need to employ newer strategies to combat threats to any network. Researchers are trying many new approaches. One of the promising areas in this direction, especially in the area of intrusion detection, is ant colony optimization methods.
In ant colony optimization, the processes are defined based on the techniques of ant movements. Propagation algorithms may be used to train the system, and that knowledge may be used to detect intruders. Further, fuzzy reasoning may be replaced with Dempster-Shafer theory wherever applicable.
REFERENCES
Abraham, A. and Jain, R. (2004). Soft Computing Models for Intrusion Detection Systems, Cryptography and Security, ACM-class.
Bonissone, P.P. (1997). Soft Computing: the convergence of Emerging Reasoning Technologies, Springer Verlag.
Bouchard, M., Pailard, B. and Dinh, T.L. (1999). “Improved training on neural networks for nonlinear active control of sound and vibration,” IEEE Trans. on Neural Networks. 10: 391-401.
Coker, M.J. and Simkins, D.J. (1980). “A nonlinear adaptive noise canceler,” IEEE Intl. Conf. Acoust., Speech Signal Processing. pp. 470-473.
Elliott, S. I. and Nelson, P.A. (1993). “Active noise control,” IEEE Signal Processing Mag. 10: 12-35.
Hasnain, S.K. and Akhtar, P. (2005). “A fair play comparison of neural networks algorithms in speech signal processing,” IEEE 9th International Multitopic Conference. pp. 1-6.
Kuo, S. M. and Morgan, D.R. (1999). “Active noise control: a tutorial review,” Proc. of IEEE. 87(6).
Kwong, S., He, Q. and Man, K.F. (1996). “Genetic Time Warping for isolated word recognition,” Intl. J. of Pattern Recognition and Artificial Intelligence. 10: 849-865.
Lakra, S., Prasad, T.V., Sharma, D.K., Atrey, S.H. and Sharma, A.K. (2009). “Application of fuzzy mathematics to speech-to-text conversion by elimination of paralinguistic content,” Proc. of Nat. Conf. on Soft Computing and Artificial Intelligence. pp. 294-299.
Lakra, S., Prasad, T.V., Sharma, D.K., Atrey, S.H. and Sharma, A.K. (2009). “A neuro-fuzzy technique for implementing the half-adder circuit using the CANFIS model,” Proc. Intl. Conf. on Data Management. pp. 99-107.
Lin, C.T. and Juang, C.F. (1997). “An adaptive neural fuzzy filter and its applications,” IEEE Trans. on System Man, and Cybernetics-Cybernetics. 27(4): 635-656.
Prasad, V., Dhanalakshmi, Y., VijayaKumar, V. (2008). Modeling an intrusion detection system using data mining and genetic algorithms based on fuzzy logic, IJSNS.
Rashid, H. (2012). “Types of Attacks and Defense Matrics of Routing Mechanism for Mobile Network,” Int. J. Innovation in Computer Sci. Technol. pp. 23-33.
Tang, K.S., Man, K.F., Kwong, S. and He, Q. (1996). “Genetic algorithms and its applications,” IEEE Signal Processing Magazine. pp. 22-37.
Wang, J.S. and Lee, C.S.G. (2003). “Self-adaptive recurrent neuro-fuzzy control of an autonomous underwater vehicle,” IEEE Trans. on Robotics and Automation. 19(2): 283-295.
Wang, L.X. and Mendel, J.M. (1992). “Fuzzy basis functions, universal approximation, and orthogonal least-squares learning,” IEEE Trans. on Neural Networks. pp. 807-814.
Wu, S.N. and Wang, J.S. (2004). “An adaptive recurrent neuro-fuzzy filter for noisy speech enhancement,” Proc. IEEE Intl. Joint Conf. on Neural Networks. 4: 3083-3088.