An advanced adaptive learning intrusion prevention system

Abstract

Computer and network attackers are continuously evolving their attack vectors to evade intrusion detection systems. Commercial and real-world intrusion detection prevention systems suffer with low detection rates and high false positives which require substantial optimization and network specific fine tuning. Furthermore, the majority of those systems rely on signatures to detect potential attacks and therefore unknown attacks to the public - "zero day attacks", are by definition, undetectable by such systems. Intrusion Detection Prevention Systems fail to satisfy the organizations security requirements in detecting newly published attacks or variants of existing attacks, effectively responding to attacks launched by sophisticated attackers and resisting attacks that are intended to circumvent them. This is the result of Intrusion Detection Prevention Systems lack of adaptation to new information. Introducing "intelligence" to Intrusion Detection Prevention Systems could solve the problems mentioned above. This thesis propose a novel Network Intrusion Prevention System that utilizes Self Organizing Incremental Neural Networks along with SVMs, not relying on signatures or rules and capable to mitigate known and unknown attacks on a high accurate level in an "online" and incremental manner. Based on the experimental results with NSL KDD dataset the proposed framework can achieve on-line updated incremental learning, suitable for efficient and scaling industrial applications with high accuracy results.