An advanced adaptive learning intrusion prevention system
Abstract
Computer and network attackers continuously evolve their attack vectors to evade intrusion detection systems. Commercial and real-world intrusion detection and prevention systems suffer from low detection rates and high false-positive rates, and therefore require substantial optimization and network-specific fine tuning. Furthermore, the majority of these systems rely on signatures to detect potential attacks, so attacks not yet known to the public ("zero-day attacks") are by definition undetectable by such systems.
Intrusion Detection and Prevention Systems fail to satisfy organizations' security requirements in three respects: detecting newly published attacks or variants of existing attacks, responding effectively to attacks launched by sophisticated attackers, and resisting attacks intended to circumvent the systems themselves. This is the result of the lack of adaptation to new information in Intrusion Detection and Prevention Systems. Introducing "intelligence" into Intrusion Detection and Prevention Systems could solve the problems mentioned above.
This thesis proposes a novel Network Intrusion Prevention System that utilizes Self-Organizing Incremental Neural Networks (SOINN) together with Support Vector Machines (SVMs). It does not rely on signatures or rules and is capable of mitigating both known and unknown attacks with high accuracy in an "online", incremental manner. Based on the experimental results with the NSL-KDD dataset, the proposed framework achieves online, incrementally updated learning, making it suitable for efficient and scalable industrial applications with high accuracy.
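To make the two-stage idea concrete, the following is an added example (not the thesis's code, and not the SOINN algorithm as published): a signature-free detector that learns online from a stream of labelled flow records. A simplified SOINN-style prototype layer grows a new node whenever an input is farther than a threshold from every prototype learned so far, which gives a "novelty" signal for traffic unlike anything seen; a linear SVM trained by SGD on the hinge loss classifies traffic that falls near a known prototype. The five features (serror_rate, count, src_bytes, dst_bytes, same_srv_rate), the threshold of 0.5, the training stream and the three probes are all constructed assumptions, scaled to [0, 1] in the style of NSL-KDD features.

```python
"""Added illustration: online prototype layer (simplified SOINN) + SGD linear SVM.
Constructed features, scaled to [0,1]: (serror_rate, count, src_bytes, dst_bytes, same_srv_rate)."""
import math


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class PrototypeLayer:
    """Simplified SOINN-like layer: a growing set of prototype vectors.
    An input farther than `threshold` from every prototype becomes a new node;
    otherwise the nearest node (the winner) moves toward it as a running mean."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.nodes = []  # each node: [weight_vector, hit_count]

    def update(self, x):
        if self.nodes:
            dist, idx = min((euclid(n[0], x), i) for i, n in enumerate(self.nodes))
            if dist <= self.threshold:
                node = self.nodes[idx]
                node[1] += 1
                step = 1.0 / node[1]
                node[0] = [w + step * (xi - w) for w, xi in zip(node[0], x)]
                return
        self.nodes.append([list(x), 1])  # nothing similar learned yet: grow a node

    def novelty(self, x):
        """Distance to the closest prototype; large means 'unlike anything learned'."""
        return min(euclid(n[0], x) for n in self.nodes) if self.nodes else math.inf


class OnlineLinearSVM:
    """Linear SVM updated one record at a time by SGD on the regularized hinge loss."""

    def __init__(self, dim, lr=0.1, lam=0.001):
        self.w = [0.0] * dim
        self.b = 0.0
        self.lr, self.lam = lr, lam

    def decision(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def partial_fit(self, x, y):
        """One SGD step; y is +1 (attack) or -1 (normal)."""
        margin = y * self.decision(x)
        self.w = [wi * (1 - self.lr * self.lam) for wi in self.w]  # L2 shrink
        if margin < 1.0:  # inside the margin or misclassified: hinge gradient step
            self.w = [wi + self.lr * y * xi for wi, xi in zip(self.w, x)]
            self.b += self.lr * y


class AdaptiveIPS:
    ATTACK, NORMAL, NOVEL = "attack", "normal", "novel"

    def __init__(self, dim, novelty_threshold=0.5):  # threshold is an assumption
        self.protos = PrototypeLayer(novelty_threshold)
        self.svm = OnlineLinearSVM(dim)

    def learn(self, x, label):
        """Incremental update from one labelled record; no retraining from scratch."""
        self.protos.update(x)
        self.svm.partial_fit(x, label)

    def classify(self, x):
        if self.protos.novelty(x) > self.protos.threshold:
            return self.NOVEL  # zero-day candidate: escalate rather than trust the SVM
        return self.ATTACK if self.svm.decision(x) > 0 else self.NORMAL


# Constructed training stream: +1 = known flood-style attack, -1 = normal traffic.
TRAINING_STREAM = [
    ([0.00, 0.05, 0.30, 0.40, 0.90], -1),
    ([0.95, 0.90, 0.00, 0.00, 0.10], +1),
    ([0.02, 0.10, 0.20, 0.50, 0.95], -1),
    ([1.00, 0.85, 0.00, 0.00, 0.05], +1),
    ([0.00, 0.08, 0.40, 0.30, 1.00], -1),
    ([0.90, 0.95, 0.01, 0.00, 0.12], +1),
    ([0.05, 0.12, 0.25, 0.45, 0.85], -1),
    ([0.98, 0.80, 0.00, 0.00, 0.08], +1),
]


def run_demo(epochs=30):
    """Feed the stream record by record (repeated passes stand in for a long live feed),
    then classify three constructed probes. Returns a dict of verdicts."""
    ips = AdaptiveIPS(dim=5)
    for _ in range(epochs):
        for x, y in TRAINING_STREAM:
            ips.learn(x, y)
    probes = {
        "benign": [0.01, 0.07, 0.35, 0.35, 0.92],
        "variant_flood": [0.80, 0.70, 0.00, 0.01, 0.25],  # unseen variant of a known family
        "exfil_like": [0.00, 0.10, 0.00, 1.00, 0.60],  # pattern with no training counterpart
    }
    result = {name: ips.classify(x) for name, x in probes.items()}
    result["prototypes"] = len(ips.protos.nodes)
    return result


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(name, verdict)
```

The variant flood is caught by the SVM's generalization from the known family, while the exfiltration-like record, which no signature and no trained class would match, is surfaced by the prototype layer as novel; a deployment would route such records to analyst review and, once labelled, feed them back through `learn` without retraining from scratch.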