Thesis

Application of Combined Neural Networks to Intrusion Detection for Cloud Computing

Cloud computing has become one of the most revolutionary concepts of our time; as the world comes more connected, and more and more of our information is stored in the cloud instead of on local devices, the greater potential harm an intruder could cause. Because of the magnitude of users of cloud services and the data they use, there is a greater need for an automatic system which can detect intrusions or malicious behavior. Such a system is called an intrusion detection system (IDS).
 Many ideas have been put forward on how to design such an IDS; recently, the idea of artificial neural networks (ANNs) have been proposed, which can learn from data and adapt to changes. In addition, it can handle a very large amount of data, a necessary feature given the large number of user behaviors on the internet.
 In the area of ANNs, multiple types of neural networks can be combined to take advantage of their different kinds of behavior and mitigate their shortcomings in order to create a stable and accurate IDS.
 In this thesis, an intrusion detection system is created based on a multi-layer perceptron (MLP) and fuzzy c-means inspired neural network. The system combines the two of these networks, utilizing both supervised machine learning and unsupervised machine learning, and outperforms either of them individually. This system is implemented by collecting a set of features of user behavior which are perceived to have an impact on classifying it (i.e. whether it is regular data or an anomaly, some kind of malicious use). The data we use for this thesis is derived from a KDD (Knowledge Discovery and Data Mining) competition supported by DARPA (Defense Advanced Research Projects Agency) called KDD Cup 1999. Then, our neural networks are trained and tested on subsets of this large dataset.
 Our combined IDS maintains the consistency of supervised learning with the improved accuracy of unsupervised learning, demonstrating the potential advantages of combining supervised and unsupervised learning for an IDS.

Cloud computing has become one of the most revolutionary concepts of our time; as the world comes more connected, and more and more of our information is stored in the cloud instead of on local devices, the greater potential harm an intruder could cause. Because of the magnitude of users of cloud services and the data they use, there is a greater need for an automatic system which can detect intrusions or malicious behavior. Such a system is called an intrusion detection system (IDS). Many ideas have been put forward on how to design such an IDS; recently, the idea of artificial neural networks (ANNs) have been proposed, which can learn from data and adapt to changes. In addition, it can handle a very large amount of data, a necessary feature given the large number of user behaviors on the internet. In the area of ANNs, multiple types of neural networks can be combined to take advantage of their different kinds of behavior and mitigate their shortcomings in order to create a stable and accurate IDS. In this thesis, an intrusion detection system is created based on a multi-layer perceptron (MLP) and fuzzy c-means inspired neural network. The system combines the two of these networks, utilizing both supervised machine learning and unsupervised machine learning, and outperforms either of them individually. This system is implemented by collecting a set of features of user behavior which are perceived to have an impact on classifying it (i.e. whether it is regular data or an anomaly, some kind of malicious use). The data we use for this thesis is derived from a KDD (Knowledge Discovery and Data Mining) competition supported by DARPA (Defense Advanced Research Projects Agency) called KDD Cup 1999. Then, our neural networks are trained and tested on subsets of this large dataset. Our combined IDS maintains the consistency of supervised learning with the improved accuracy of unsupervised learning, demonstrating the potential advantages of combining supervised and unsupervised learning for an IDS.

Relationships

Items