Real Time Intrusion Detection System using Computational Intelligence and Neural Network: A Review

Intrusion detection using neural networks is currently an active and measurable area of interest for researchers. Computational intelligence is characterized by the following parameters: computational speed, adaptation, error resilience and fault tolerance. A good intrusion detection system must be adaptable to requirements. The objective of this paper is to outline research progress in intrusion detection using computational intelligence and neural networks. The paper focuses on existing research challenges, a review analysis, and research suggestions regarding intrusion detection systems.


INTRODUCTION
Intrusion prevention methods such as access control, firewalls or encryption cannot completely protect a network against malware and attacks. Intrusion detection systems (IDS) therefore address the security of a system or a widespread network. An intrusion detection system identifies intrusion patterns by comparing audit data against a detection model. The outcome falls into two classes, an intrusion attempt or an unsuccessful intrusion attempt, and both help to identify intrusions. The intrusion detection model [1] attracted attention in 1987, when researchers focused on the practical implementation of these ideas. In 1990 a new approach arrived that combined statistical methods with expert systems to detect normal and abnormal behavior of automated systems or of manual transmission over the network. Training datasets are generated using machine learning and artificial intelligence approaches. Generally, training data are prepared with the following techniques: classification, data clustering and rule-based induction.
In intrusion detection problems, the data are non-trivial when models are constructed automatically. It is challenging to define the boundary between normal and abnormal behavior with unbalanced nodes and high network traffic, so dynamic adaptation is required. Machine learning and artificial intelligence have limitations when high detection accuracy is required within time constraints. In these circumstances the computational intelligence approach plays a very important role, because it handles fault tolerance and adapts to noisy information on the network.
The objective of this paper is to highlight challenges, review existing work, and offer suggestions regarding common mistakes made by researchers in intrusion detection models that use computational intelligence (CI) and neural networks.

A. Intrusion detection
An intrusion detection system works by analyzing or monitoring the system or network at run time. It can thus decide whether the events occurring on the system or network are normal or abnormal [1]. The organization of an intrusion detection system is shown in Figure 1, where solid lines indicate data/control flow and dashed lines indicate responses to intrusive activities.

Fig 1: Organization of intrusion detection system
Intrusion detection is divided into two types: anomaly detection and misuse detection.
Misuse detection compares observed data with predefined intrusive behavior and, on the basis of this matching, detects intrusions with better accuracy. Because of this strength it has been adopted in commercial projects. Some intrusions are unexpected, meaning their behavior cannot be predicted, and misuse detection cannot handle them; unknown intrusions, for example, are a limitation of misuse detection. A solution to this issue is to update the knowledge database continually at run time, as supervised learning algorithms require.
Preparing the dataset is a challenging and costly task when its behavior changes at run time or depends on the type of intrusion. An alternative solution was proposed by Denning [5], using an anomaly detection model.
Anomaly detection assumes that abnormal behavior is observed rarely and that its symptoms differ from normal behavior. Anomalies are therefore detected by monitoring behavior models and comparing them with normal behavior. Anomaly detection is divided into two categories, static and dynamic [6]. Static anomaly detection means that the behavior of intrusion never changes; a real-world example is operating system calls.
Dynamic anomaly detection checks and extracts the profile of the end user on the basis of history, or predicts habits from previous profile data for that particular profile.
From this working strategy we can conclude that anomaly detection easily identifies new types of intrusions and requires only profile data. The challenging task is to identify the boundary between normal and abnormal behavior. A secondary challenge is the run-time change of normal behavior into abnormal behavior. Thus, for better accuracy, some additional categories of intrusion detection system are used, as shown in Figure 2.

B. Computational intelligence
Computational intelligence is a logical approach [7] in which the agents we design work as intelligent agents. Such an agent is able to understand the situation or limitations of a particular scenario and take decisions accordingly within finite computation; it learns from experience and is flexible with respect to integrity, fault tolerance and adaptation.
According to Bezdek [8], a system is considered computationally intelligent when it recognizes patterns/features from numerical workloads only, without using knowledge in the artificial intelligence sense, and when it manages parameters such as error rates, fault tolerance and numerical adaptivity in a way that corresponds to human performance.
The strategy is to identify and compare observed data with predefined intrusive behavior. Effective outcomes are thus obtained with a low false alarm rate. Because of this strength and advantage, it is used in commercial projects. The behavior of intrusions is unpredictable and may change at run time, which misuse detection cannot handle; an unknown intrusion, for example, is a limitation of misuse detection.
This issue is addressed in anomaly detection, where the knowledge database is updated as required at run time with the help of supervised learning algorithms. Updating the database at run time may be costly and challenging when better accuracy in analyzing profiles and predicting end-user behavior is required [1].

III. ALGORITHMS
To address intrusion detection, the following approaches are possible according to dynamic requirements.

A. Artificial neural networks
Neurons are the basic processing units of artificial neural networks (ANN) and are fully connected according to a topology. An ANN updates or improves its learning from experience and generalizes the outline of the system from noisy, limited or incomplete data. ANNs have been applied successfully across a wide spectrum of datasets.

A.1 Supervised learning
Feed forward neural networks, which use supervised learning, are the first and arguably simplest artificial neural networks devised. Supervised learning is divided into two types: forward neural and multilayered feed forward.
Multilayered feed forward back propagation (MLFF-BP) [9,10] can model user behavior from aspects such as the host address of a login, command sets, and the difference between normal and abnormal behavior [10], so this technique is used in anomaly detection. When automated intrusion detection systems arrived, researchers focused on predicting software behavior from sequences of system calls. Ghosh et al. observed that system calls are more stable than commands, and applied their proposed approach [12] to the DARPA BSM98 dataset [11].

A.2 Unsupervised learning
Unsupervised neural networks fall into two typical categories: adaptive resonance theory and self-organizing maps. Like statistical clustering algorithms, they group objects. Unsupervised learning is suitable for intrusion detection tasks on normal behavior.

A.2.1 Self-organizing maps
Kohonen maps, or self-organizing maps (SOM), are single-layer feed forward networks whose outputs are clustered on a 2D or 3D grid [13]. They preserve the topological relationships of the input data based on their similarity.
Self-organizing maps are used for anomaly detection on trained datasets. They were able to detect viruses [14] on a multiuser machine in 1990. Later, some researchers [15,20] focused on self-organizing maps to extract patterns or features of general system events. Thus, self-organizing maps are also used in misuse intrusion detection systems.
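The use of a self-organizing map for anomaly detection described above can be sketched as follows. This is an added example, not code from the reviewed papers; the two traffic features, the 3x3 grid, the training parameters and the threshold rule (worst quantization error on normal data) are assumptions chosen for illustration.

```python
import math
import random

def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def best_unit(som, x):
    """Grid position of the unit whose weight vector is closest to x."""
    return min(som, key=lambda pos: dist(som[pos], x))

def train_som(data, rows=3, cols=3, epochs=60, seed=7):
    """Train a single-layer Kohonen map on a 2-D grid; returns {(row, col): weights}."""
    rng = random.Random(seed)
    # Initialise each unit from a training sample so weights stay within the data's range.
    som = {(r, c): list(rng.choice(data)) for r in range(rows) for c in range(cols)}
    total, step = epochs * len(data), 0
    for _ in range(epochs):
        for x in rng.sample(data, len(data)):
            decay = 1 - step / total
            lr, sigma = 0.5 * decay, 0.3 + 1.5 * decay  # both shrink over time
            br, bc = best_unit(som, x)
            for (r, c), w in som.items():
                # Grid neighbours of the winner move too, which preserves topology.
                h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma ** 2))
                for i in range(len(w)):
                    w[i] += lr * h * (x[i] - w[i])
            step += 1
    return som

def quantization_error(som, x):
    """Distance from x to its best-matching unit; large means unlike the training data."""
    return dist(som[best_unit(som, x)], x)

# Constructed normal traffic: (normalised connection rate, normalised failed-login ratio).
_rng = random.Random(1)
NORMAL = [(0.1 + 0.4 * _rng.random(), 0.1 + 0.3 * _rng.random()) for _ in range(40)]

SOM = train_som(NORMAL)
# Threshold: the worst quantization error seen on the normal training data.
THRESHOLD = max(quantization_error(SOM, x) for x in NORMAL)

def is_anomalous(x):
    return quantization_error(SOM, x) > THRESHOLD

if __name__ == "__main__":
    for sample in [(0.3, 0.25), (0.9, 0.95)]:  # constructed test samples
        print(sample, round(quantization_error(SOM, sample), 3), is_anomalous(sample))
```

Because the map is trained on normal behavior only, it needs no attack labels; the cost is that the threshold decides where normal ends, which is the boundary problem the review raises for anomaly detection.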

A.2.2 Adaptive resonance theory (ART)
Adaptive resonance theory covers a wide range of neural network models for pattern recognition with efficient unsupervised and supervised learning. The unsupervised learning models are Fuzzy ART and ART (versions 1, 2 and 3); the supervised networks are Fuzzy ARTMAP and Gaussian ARTMAP.

We observed a few misconceptions during the review process and try to address them with respect to standard datasets.
Generally, in the reviewed research work data are collected from three sources: log files, data packets, CPU/memory usage and system call sequences. The benchmark intrusion detection datasets are described in Table 1. Researchers are free to use these datasets for either anomaly detection or misuse detection. We categorize two benchmark datasets: KDD99 and DARPA-Lincoln. MIT's Lincoln Laboratory collected the DARPA-Lincoln datasets for the implementation of intrusion detection techniques. The 1998 collection was gathered over a few weeks and divided into two categories, training data and test data.

A. Performance evaluation Strategy
The effectiveness of an intrusion detection system is evaluated by its ability to produce correct predictions. In a real-time scenario, comparing the predictions of the intrusion detection system with the actual outcomes gives four possibilities: true negatives, true positives, false positives and false negatives, together called the confusion matrix. True negatives and true positives are obtained when events are handled successfully. False positives are normal events predicted as attacks; false negatives arise when events are wrongly predicted as normal. In this way, the performance of an intrusion detection system is read from the values of the confusion matrix.
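The following added example (not from the reviewed papers) evaluates a misuse detector and a static anomaly detector over the same events and builds the confusion matrix for each, showing the trade-off described earlier: misuse detection misses the unknown intrusion, while anomaly detection catches it but raises a false alarm on new legitimate behavior. The system-call traces, the signature, the 3-call window and the 0.3 threshold are all constructed assumptions.

```python
from collections import Counter

def ngrams(trace, n=3):
    """Set of length-n windows over a system-call trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

# Constructed traces of normal behavior, used to build the anomaly profile.
NORMAL_TRACES = [
    ["open", "read", "close", "open", "read", "close"],
    ["open", "read", "write", "close"],
    ["socket", "connect", "write", "read", "close"],
]
PROFILE = set().union(*(ngrams(t) for t in NORMAL_TRACES))

# Constructed knowledge database of predefined intrusive call sequences.
SIGNATURES = {("open", "write", "execve")}

# Constructed test events: (trace, is_attack).
TEST_EVENTS = [
    (["open", "read", "close", "open", "read", "close"], False),  # seen in training
    (["socket", "connect", "write", "read", "close"], False),     # seen in training
    (["open", "mmap", "read", "close"], False),                   # new but legitimate
    (["read", "open", "write", "execve", "close"], True),         # known intrusion
    (["socket", "bind", "listen", "accept", "execve"], True),     # unknown intrusion
]

def misuse_detect(trace):
    """Flag a trace only if it contains a predefined signature."""
    return bool(ngrams(trace) & SIGNATURES)

def anomaly_detect(trace, threshold=0.3):
    """Flag a trace if too many of its windows are absent from the normal profile."""
    grams = ngrams(trace)
    return bool(grams) and len(grams - PROFILE) / len(grams) > threshold

def confusion(detector):
    """Confusion matrix of a detector over TEST_EVENTS."""
    counts = Counter()
    for trace, is_attack in TEST_EVENTS:
        flagged = detector(trace)
        counts[("T" if flagged == is_attack else "F") + ("P" if flagged else "N")] += 1
    return {k: counts[k] for k in ("TP", "FP", "TN", "FN")}

def rates(cm):
    """(detection rate, false alarm rate) derived from a confusion matrix."""
    return cm["TP"] / (cm["TP"] + cm["FN"]), cm["FP"] / (cm["FP"] + cm["TN"])

if __name__ == "__main__":
    for det in (misuse_detect, anomaly_detect):
        cm = confusion(det)
        print(det.__name__, cm, rates(cm))
```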

V. SUMMARY AND SUGGESTION
Here we have focused on artificial neural networks and computational intelligence for intrusion detection. Various unsupervised and supervised artificial neural networks are associated with anomaly and misuse detection techniques.

➢ Network infrastructure:
Predicting intrusions is a difficult task, and intrusions are a continuous process.
We cannot predict the attacker's objective; for example, sometimes the attacker is interested in protocol, operating system or application based attacks. So it cannot be ensured that a single neural network successfully addresses the problem.

➢ Datasets and features:
Neural networks recognize patterns according to their input datasets. Because of this dependency on the input, a training dataset is limited in extracting unknown feature patterns. A more complete training set [16,20] is obtained by covering more network patterns. The selection of optimal feature sets affects performance improvements. Sarasamma et al. [25] proposed different feature subsets for the purpose of detecting specific categories of attacks. Kayacik et al. [26] proposed a hierarchical self-organizing map framework over the KDD99 data and observed that six fundamental features are sufficient for recognizing a wide range of denial of service attacks.

VI. CONCLUSION
This paper has presented an analysis, review and summary, with suggestions, of existing challenges for intrusion detection systems using computational intelligence and neural networks. It described misconceptions and offered suggestions regarding them. In identifying intrusions, soft computing plays an important role in that disadvantages are overcome and better solutions are offered. Computational intelligence and neural networks thus address the problem of intrusion detection.