Brandon Phillips Poster

Improving Intrusion Detection Through Neural Networks

Brandon Savio Phillips


Contact e-mail: [email protected]

Abstract

Intrusion detection systems (IDS) are struggling to keep up with the rise of new and sophisticated attacks. This paper proposes an IDS that leverages an artificial neural network (ANN) model trained with continuous semi-supervised learning.

The model is pre-trained on large datasets and user profiles with simulated network events. It is designed to handle a variety of attacks, including web attacks, DDoS attacks, and network intrusions. The continuous learning aspect allows the model to adapt to new threats and improve its accuracy over time. This results in a reduction of false positives and a more robust IDS.

Introduction

This paper proposes a novel Intrusion Detection System (IDS) that utilizes Artificial Neural Networks (ANNs) to address the limitations of traditional signature-based systems like Snort.

The growing prevalence of cyberattacks and the emergence of new threats necessitate more robust and adaptable security solutions. While signature-based systems struggle with novel attacks, ANNs offer a machine learning approach capable of analyzing network traffic patterns and identifying anomalies.

This research investigates the effectiveness of an ANN-based IDS compared to Snort. We aim to assess the model's accuracy in classifying network traffic data and its ability to reduce false positives. By training the ANN on labeled data containing Snort alerts, we compare its performance against Snort alone.

The successful implementation of this "Reinforced IDS" has the potential to significantly improve network security. Its ability to adapt to new attack patterns and achieve superior classification accuracy could provide a more robust defense against evolving cyber threats. This paper explores the design, implementation, and evaluation of the proposed IDS, aiming to contribute to advancements in intrusion detection technology and ultimately enhance network security.

Aims and Objectives

Aim
The aim of this research is to investigate a different approach for the Snort intrusion detection system (IDS) to detect anomalies and reduce false positives.

Objectives
• To evaluate how well the ANN model is being trained and how well it is being integrated with the Intrusion Detection System (IDS) to provide classification of Snort alerts.
• To evaluate how anomaly detection is being made more accurate using the reinforced IDS.
• To compare the reinforced IDS, which has been enhanced by the neural network prototype model, with the traditional IDS in terms of the decrease in false positives.

Methodology

The illustration above depicts a quick overview of the proposed methodology for capturing Snort alerts from the Ubuntu system and pre-processing them before the trained ANN model can produce prediction scores for the alerts. The outcome evaluation step will then be used to assess how Snort integrated with the ANN model compares to using Snort alone. The proposed methodology focuses on showing how the alerts generated by Snort are analyzed by the ANN model as a post-filter, which gives each alert a score indicating the likelihood of it being malicious, in order to reduce the number of false positives and improve the overall accuracy of the intrusion detection system.

Results

[Figure: "Comparison between Snort and Re-inforced IDS"; series: Precision, Recall; categories: Snort, Re-inforced IDS; y-axis 0 to 1]

In comparison to the traditional IDS, the Reinforced IDS performed better at identifying both benign traffic and malicious traffic. The Reinforced IDS's high precision and recall scores in both areas show that it provided a better classification of malicious and attack data and that, with the aid of the ANN model, a significant reduction in false positives in Snort alerts was made.
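
The post-filter flow and the per-class precision/recall comparison described on this poster, as an added example that is not the author's code: it parses Snort alert_fast lines, pre-processes them into features, scores each alert, and evaluates Snort alone against Snort plus the filter. The sample alerts, their labels, the three features, the weights and the single sigmoid unit standing in for the trained ANN are all constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed Snort alert_fast lines paired with constructed ground truth
# (1 = malicious, 0 = benign). Addresses are from documentation ranges.
SAMPLE = [
    ("03/01-10:00:01.000000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:40312 -> 192.0.2.10:80", 1),
    ("03/01-10:00:02.000000  [**] [1:1000001:1] SQL injection attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.7:40313 -> 192.0.2.10:80", 1),
    ("03/01-10:00:05.000000  [**] [1:1000002:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.20 -> 192.0.2.10", 0),
    ("03/01-10:00:07.000000  [**] [1:1000003:1] Port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:40400 -> 192.0.2.10:22", 1),
    ("03/01-10:00:09.000000  [**] [1:1000004:1] Cleartext upload [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.0.2.55:51000 -> 192.0.2.10:21", 0),
    ("03/01-10:00:11.000000  [**] [1:1000005:1] DNS query burst [**] [Classification: Misc activity] [Priority: 3] {UDP} 203.0.113.20:5353 -> 192.0.2.10:53", 0),
]
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) \[\*\*\] (?:\[Classification: [^\]]*\] )?"
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> ")
WEIGHTS, BIAS = [3.0, 0.5, 2.0], -3.0  # constructed stand-in for the trained ANN

def features(alert, per_src):
    """Pre-processing: turn one parsed alert into a numeric vector in [0, 1]."""
    return [(4 - int(alert["prio"])) / 3.0,        # priority 1 (highest) -> 1.0
            1.0 if alert["proto"] == "TCP" else 0.0,
            min(per_src[alert["src"]], 5) / 5.0]   # alerts seen from this source

def score(x):
    """Likelihood-of-malicious score from a single sigmoid unit."""
    return 1 / (1 + math.exp(-(BIAS + sum(w * v for w, v in zip(WEIGHTS, x)))))

def precision_recall(y_true, y_pred, cls):
    tp = sum(t == cls and p == cls for t, p in zip(y_true, y_pred))
    fp = sum(t != cls and p == cls for t, p in zip(y_true, y_pred))
    fn = sum(t == cls and p != cls for t, p in zip(y_true, y_pred))
    return (tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0)

def evaluate(sample=SAMPLE, threshold=0.5):
    """Per-class (precision, recall) for Snort alone and Snort plus the post-filter."""
    alerts = [ALERT_RE.search(line).groupdict() for line, _ in sample]
    y_true = [label for _, label in sample]
    per_src = Counter(a["src"] for a in alerts)
    preds = {"snort": [1] * len(alerts),  # Snort alone: every alert is a positive
             "snort+filter": [int(score(features(a, per_src)) >= threshold) for a in alerts]}
    return {name: {cls: precision_recall(y_true, p, cls) for cls in (1, 0)}
            for name, p in preds.items()}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(name, result)
```

The high-priority policy alert from 192.0.2.55 still passes the filter, so one false positive remains in the filtered output.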

Conclusions
This paper addresses limitations of signature-based Intrusion Detection Systems (IDS) like Snort by proposing and evaluating a novel ANN-based Reinforced IDS. The evaluation demonstrates the Reinforced IDS achieves superior performance in identifying both benign and malicious traffic compared to Snort, evident in its higher precision, recall, and overall accuracy. This translates to a more robust and efficient method for network traffic classification. The higher precision indicates the Reinforced IDS generates fewer false positives, reducing unnecessary workload for security analysts and the risk of ignoring genuine threats. Additionally, the improved recall suggests better coverage of potential threats by capturing a larger proportion of malicious packets, minimizing missed attacks. While acknowledging the need to address remaining false positives, this paper contributes to network security in several ways:
• Proposes and evaluates a Reinforced IDS as a viable alternative to traditional IDS.
• Demonstrates a practical approach for evaluating ANN-based IDS using relevant metrics.
• Reinforces the potential of ANNs in intrusion detection and paves the way for exploring advanced architectures for even stronger IDS.
This research offers a promising ANN-based IDS with improved accuracy and reduced false positives, ultimately enhancing network security.
