Full Article - PDF - Scholarly Journals

Scholarly Journal of Mathematics and Computer Science Vol. 2(3), pp. 28-32, June 2013
Available online at http:// www.scholarly-journals.com/SJMCS
ISSN 2276-8947 © 2013 Scholarly-Journals
Full Length Research Paper
A survey on soft computing techniques in network
security
Rashid Husain and Saifullahi Muhammad
Department of Computer Science Kebbi State University of Science and Technology, Aliero
Department of Mathematical Sciences and IT Federal University, Dutsin-Ma, Katsina
Accepted 13 June, 2013
Network servers are vulnerable to attack, and this state of affairs, shows no sign of abating. Therefore
security measures to protect vulnerable software is an important part of keeping systems secure,
Intrusion detection systems have the potential to improve the state of affairs, because they can
independently learn a model of normal behavior from a set of training data, and then use the model to
detect novel attacks. Intrusion Detection is one of the key parts of the system defense. Many soft
computing techniques have been proposed and are in use in IDS presently. In this paper we survey
various soft computing techniques like Artificial Neural Network, genetic algorithms, Fuzzy logic,
Support vector Machines, Probilistic reasoning, etc. Soft computing is being used by IDS due to their
capability of detecting known and unknown attacks on network. In this paper we also describe use of
various soft computing techniques in IDS.
Key words: Fuzzy Logic, Support Vector Machines (SVM), Artificial Neural Network, Security, Soft Computing,
Intrusion Detection System (IDS).
INTRODUCTON
This is an information era. Information can be accessed
through a variety of ways.Additionally, the retrieving,
processing, disseminating and storing of informationhave
become more complex than before. Computer networks
play more and more important role in current society and
it completely change human’s life. Informationhas
become the organizations most precious asset (Abraham
and Chen, 2004). So securing our assets (Information) is
very much required. The security level of processed
informationcan varies from private and commercial to
military and state secret. Herewith the violation of the
information confidentialit3, integrity and accessibility may
cause the damage to its owner and have significant
undesirable consequences. Thus the problem of
information security is concerned to many organizations
and companies for development of security facilities that
require significant contributions (Elliott et al., 1993). To
defend computer systems such accustomed mechanisms
as identification and authentication mechanisms of the
*Corresponding author. E-mail:rashid65_its@yahoo.com.
delimitation and restriction of the access to information
and cryptographic methods are applied. With the arrival
of soft computing (Bonissone. P., 1997), intrusion
detection has become an integral part of the security
process.
MATERIAL AND METHODS
Intrusion Detection
Intrusion detection can be defined as the process of
monitoring and analyzing the events occurring in a
computer and/or network system in order to detect signs
of security problems (Kuo et al., 1999). The goal of
intrusion detection is to discover intrusions into a
computer or network, by observing various network
activities or attributes. Here intrusion refers to any set of
actions that threatens the integrity, availability, or
confidentiality of a network resource. Given the explosive
growth of the Internet and the increased availability of
tools for attacking networks, intrusion detection becomes
a critical component of network administration. While

Scholarly J. Math. Comp. Sci. 29
Figure 1. A generic view of intrusion detection system
such detection usually includes some form of manual
analysis, we focus on software systems for automating
the analysis. IDS can be categorized by two aspects
(Lakra et al., 2009):
1. The Data Source. (Host based/ Network based)
2. The model of the Intrusion detection. (Anomaly
detection / misuse detection)
Intrusion detection attempts to detect computer attacks
by examining data records observed by processes on the
same network. These attacks can be divided into two
categories, host-based attacks and network-based
attacks (Husain. R, 2012). Host-based attack detection
normally uses system call data from an audit process that
tracks all system calls made on behalf of each user on a
particular machine. These audit processes usually run on
each monitored machine. Network-based attack detection
routines normally use system calls made on behalf of
each user on a particular machine. These audit
processes usually run on each monitored machine.
Network- based attack detection routines typically use
network traffic data from a Network sniffer (e.g. tcpdump).
Many computer networks, including the widely accepted
Ethernet network, use a shared medium for
communication. In a misuse detection based IDS,
intrusions are detected by looking for activities that
correspond to known signatures of intrusions or
vulnerabilities (Bouchard et al., 1999). On the other hand,
an anomaly based IDS detect intrusions by searching for
abnormal network traffic. The intrusion detection system
follows the following steps during the detection of abusing
things (figure 1).
1. Monitoring and analyzing the traffic.
2. Identifying the abnormal activities.
3. Assessing severity and raising alarm.
Introduction to Soft Computing (Lakraet., 2009)
Soft Computing is a general term for optimization and
processing techniques that are tolerant of imprecision
and uncertainty. The best approach for an Intrusion
Detection System may be to combine the advantages of
both the anomaly detection and misuse detection
components into a single compound scheme that can
also accommodate the imprecision inherent in the
domain of network security. Effective IDS must use more
than standard mathematical techniques conventional
analysis methods can be combined with soft computing
techniques to synergistically create a more robust
system. Soft computing differs from conventional (hard)
computing in that, unlike hard computing, it is tolerant of
imprecision, uncertainty, partial truth, and approximation
(Abraham and Jam, 2004).

Husain and Muhammad 30
Figure 2: Components of Soft Computing
The principal constituents of Soft Computing are Fuzzy
Logic, Neural Computing, and Evolutionary Computation
(figure 2). It is important to note that soft computing is not
a mélange. Rather, it is a partnership in which each of the
components contributes a distinct methodology for
addressing problems in its domain. In this perspective,
the principal constituent methodologies in soft computing
are complementary rather than competitive (Wang et al.,
1992).
Use of Various Soft computing Methods and IDS
(Kwang et al., 1996)
There are number of soft computing techniques available
now days. In the this section we discuss various
techniques and their uses in IDS (network security)
Artificial Neural Network
Artificial Neural Networks are a form of connectionist
learning, where knowledge is learned and remembered
by a network of interconnected neurons, weighted
synapses and threshold logic units. An ANN is an
information processing system that is inspired by the way
biological neuronsystems, such as the brain, process
information. It is composed of a large number of highly
interconnected processing elements (neurons) working
with each other to solve specific problems. Each
processing element (neuron) is basically a summing
element followed by an activation function (Hasnain et al.,
2005). The output of each neuron (after applying the
weight parameter associated with the connection) is fed
as the input to all of the neurons in the next layer. The
learning process is essentially an optimization process in
which the parameters of the best set of connection
coefficients (weights) for solving a problem are found.
Since ANNs are capable of making multi-class
classifications, an ANN is employed to perform the
intrusion detection (Lin et al., 1997).
Support Vector Machines (SVM)
Support Vector Machines have been proposed as a novel
technique for intrusion detection, they are learning
machines that place the training vectors in highdimensional
feature space labeling each vector by its
class. SVMs are powerful tools for providing solutions to
classification, regression, and density estimation
problems (Coker et al., 1980). These are developed on
the principle structural risk minimization. Structural risk
minimization seeks to find a hypothesis for which one can
find the lowest probability of error. SVMs classify data by
determining a set of vectors from the training set, called
support vectors, which outlines a hyper plane in the
feature space. The SVIVI approach transforms data into
a feature space that usually has a dimension. It is
interesting to note that SVM generalization depends on
the geometrical characteristics of the training data, not on
the dimensions of the input space. Training a support
vector machine (SVM) leads to a quadratic optimization
problem with bound constraints and one linear equality
constraint (Wang et al., 1992). There are other reasons
we use SVMs for intrusion detection. The first is speed,
as real time performance is of primary importance in IDSs
any classifier that can potentially run “fast” is worth
considering. The second reason is scalability; SVMs are
relatively insensitive to the number of data points and the
classification complexity does not dependon the
dimensionality of the feature space, so they can
potentially learn a larger set of patterns and thus be able
to scale better than neural networks (Tang et al., 1996).
Fuzzy Logic
Fuzzy Logic introduced by Zadeh (1965) gives us a
language, with syntax and local semantics, in which we
can translate our qualitative knowledge about the
problem to be solved (Lin et al., 1997). FLs main
characteristic is the robustness of its interpolative
reasoning mechanism. While Artificial Neural Networks

Scholarly J. Math. Comp. Sci. 31
require a “teacher” to provide data for the “learning”, it
mimics human or other “teacher” by repeating exactly
what the “teacher” did in exactly the same situation.
Fuzzy Logic emphasizes on rules that map situations to
actions. It does not try to mimic exactly what the “teacher”
does but aim at extracting the essence of decision
making process of the “teacher” (Wang et al., 2003).
Fuzzy concepts derive from fuzzy phenomena that
commonly occur in the natural world. For instance “rain”
is a fuzzy statement of “Today raining heavily”. Since
there is no clear boundary between “rain” and “heavy
rain”. In intrusion detection suppose we want to write a
rule as given below we need a reason about a quantity
such as the number of different destination IP addresses
in the last 2 seconds IF the number of different
destination addresses during the last n seconds was high
THEN an unusual situation exists (Wu et al., 2004).
Genetic Algorithms
Genetic Algorithms were developed based on the
principle of genetics using chromosomal operations such
as crossover and mutation (Tang et al., 1996). In these
algorithms a population of individuals (potential solution)
undergoes a sequence of unary (mutation) and higher
order (crossover) transformation. After some number of
generations the algorithm converges, the best individuals
represent the desirable optimal solution. As genetic
algorithms can be implemented at machine code level it
will be fast to detect intrusions in a real-time mode. In the
automatic induction of machine code by genetic
programming, individuals are manipulated directly as
binary code in memory and executed directly without
passing as interpreter during fitness calculation (Kwang
et al., 1996). The LGP tournament selection procedure
puts the lowest selection pressure on the individuals by
allowing only two individuals to participate in the
tournament. A copy of the winner replaces the loser of
each tournament. The process of determining which
items are most useful is called feature selection in the
machine learning literature, genetic algorithms are used
to select the measurements from the audit trail that are
the best indicators for different classes of intrusions and
to “time” the membership function for the fuzzy variables
(Lakra et al., 2009).
Genetic Fuzzy and Neuro Fuzzy
There are many intrusion detection systems proposed in
the literature based on various techniques like
cryptographic techniques, Encryption methods etc. In
recent times Fuzzy logic based methods together with the
techniques from Artificial Intelligence have gained
importance (Wang et al., 1992). However, none of them
is fool-proof and have their advantages and limitations.
Data mining techniques like clustering techniques
(Prasad et al., 2008), Association rules together with
fuzzy logic to model the fuzzy association rules are being
used for actually classifying data. These together with the
techniques of genetic algorithms like genetic
programming and neural network are producing better
results (Lakra et al., 2009).
CONCLUSON
In this paper we have provided a brief survey of soft
computing techniques in Number of Intrusion detection
systems. Due to the increasing incidents of attacks on
network, building effective intrusion detection models with
good accuracy and real-time performance is prime
concern. This area is developing continuously. More
hybrid soft computing techniques should be investigated
and their efficiency evaluated as intrusion detection
models.
FUTURE WORK
As per the various surveys, the number of viruses is
growing on networks; this suggests that we need to
employ newer strategies to combat threats for any
networks. There are many more new approaches being
tried by researchers. Some of the promising areas in this
direction, especially in the area of intrusion detection are
ant colony optimization methods.
In ant colony optimization, the processes are defined
based on the techniques of ant movements. The
propagation algorithms may use for training the system
and use that knowledge for detecting the intruders.
Further, fuzzy reasoning may be replaced with Demster-
Shaffer theory where ever applicable.
REFERENCES
Abraham, A. and Jam. R. (2004). Soft Computing Models for Intrusion
Detection Systems, Cryptography and Security, ACM- class.
Bonissone. P.P. (1997). Soft Computing: the convergence of Emerging
Reasoning Technologies, Springer Verlag.
Bouchard. M., Pailard, B. and Dinh, T.L. (1999). “Improved training on
neural networks for nonlinear active control of sound and vibration,”
IEEE Trans. on Neural Networks. 10: 391-401.
Coker, M.J. and Simkins, D.J. (1980). “A nonlinear adaptive noise
canceler,” IEEE Intl. Conf. Acoust., Speech Signal Processing. pp.
470-473.
Elliott, S. I. and Nelson, P.A. (1993). “Active noise control,”IEEE Signal
Processing Mag. 10: 12-35.
Hasnain, S.K. and Akhtar, P. (2005). “A fair play comparison of neural
networks algorithms in speech signal prcessing,” IEEE 9 th
International Multitopic Conference. pp. 1-6.
Kuo, S. M. and Morgan, D.R. (1999). “Active noise control: atutorial
review,” Proc. of IEEE. 87(6).
Kwong, S., He, Q. and Man, K.F. (1996). “Genetic Time Warping for
isolated word recognition,” Intl. J. of Pattern Recognition and Artificial
Intelligence. 10: 849-865.
Lakra, S., Prasad, T.V., Sharma, D.K., Atrey, S.H. and Sharma, A.K.

Husain and Muhammad 32
(2009). “Application of fuzzy mathematics to speech-to-text conversion
by elimination of paralinguistic content,”Proc. Of Nat. Conf. on Soft
Computing and Artificial Intelligence. pp. 294-299.
Lakra, S., Prasad, T.V., Sharma, D.K., Atrey, S.H. and Sharma, A.K.
(2009). “A neuro-fuzzy technique for implementing the half-adder
circuit using the CANFIS model,” Proc. Intl. Conf. on Data
Management. pp. 99-107.
Lin, C.T. and Juang, C.F. (1997). “An adaptive neural fuzzy filter and its
applications,” IEEE Trans. On System Man, and Cybernetics-
Cybernetics. 27(4): 635-656.
Prasad, V., Dhanalakshmi, Y., VijayaKuinar, V. (2008). Modeling an
intrusion detection system using data mining and genetic algorithms
based on fuzzy logic, IJSNS.
Rashid, H. (2012). “Types of Attacks and Defense Matrics of Routing
Mechanism for Mobile Network,” Int. J. Innovation in Computer Sci.
Technol. pp. 23-33.
Tang, K.S., Man, K.F., Kwang, S. and He, Q. (1996). “Genetic
algorithms and its applications,” IEEE Signal Processing Magazine.
pp. 22-37.
Wang J.S. and Lee, C.S.G. (2003). “Self-adaptive recurrent neuro-fuzzy
control of an autonomous underwater vehicle,” IEEE Trans. On
Robotics and Automotion. 19(2): 283-295.
Wang L.X. and Mendel, J.M. (1992). ”Fuzzy basic functions, universal
approximation, and orthogonal least-squares learning,” IEEE Trans.
on Neural Networks. pp. 807-814.
Wu, S.N. and Wang, J.S. (2004). “An adaptive recurrent neuro-fuzzy
filter for noisy speech enhancement,” Proc. IEEE Intl. Joint Conf. on
Neural Networks. 4: 3083-3088.