International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.9 No.

27 (2014)
© Research India Publications; httpwww.ripublication.comijaer.htm

IMPLEMENTATION OF INTRUSION DETECTION USING

BACKPROPAGATION ALGORITHM
Dr.Y.Kalpana1, Dr.S.Purushothaman2, Dr.S.Rajeswari3

Dr. Y.Kalpana Dr.S.Purushothaman2

1
Dr.S.Rajeswari3
Associate Professor, Associate Professor, Assistant Professor,
Dept. of BCA&IT, Institute of echonology, Institute of echonology,
VELS University, Ataramaya University, Ataramaya University,
Chennai. IndiaDire, Dava, EthiopiaDava, Ethiopia
ykalpanaravi@gmail.comdr.s.purushothaman@gmail.comrajeswaripuru@gmail.com
ABSTRACT reasoning Support vector machines and artificial neural
The global access to valuable information from various networks. Among the various methods used ANN proved
fields through computer networks facilitates the intruder to to be a better one since neural networks are powerful in
harm computer and network resources. There are numerous some areas where formal analysis is notapplicable.
technologies available to ensure network security, such as Example includes pattern recognition, hand-written
firewall, cryptographic techniques, authentication techniques recognition, nonlinear system etc.
and Intrusion Detection System (IDS). This paper presents
an implementation of Intrusion Detection System using
Artificial Neural Networks. II. RELATED WORK
Keywords:Intrusion detection, back propagation
algorithm, Artificial Neural Networks, KDD’99 data set.
KiranSree. P et al., 2008 surveysFuzzy Logic,
I. INTRODUCTION Artificial Neural Networks, Support Vector Machines,
Probabilistic Reasoning, Genetic Algorithms and
An owing to the revolution in communication and
Multi-VariateAdaptive Regressive Splines are the
information exchange, internet has provided utmost clear
major constituent of soft computing approaches. Due
viewpoint for disruption and sabotage of data which was
to the generalization capability these soft computing
previously considered to be secure. The internet gives
approaches are widely used in IDS. This paper studies
more benefit to every single one. On the other hand, it
about these soft computing approaches in unknown
makes the computer civilization to face number of
intrusion detection and proves that soft computing
tribulations. To be further exact, the internet facility makes
approaches are better than any other previously used
the client to gaze huge security threats that originates
method
internally or externally. As there are number of malicious
AlirezaOsarehand BitaShadgar, 2008 compare the
intrusions into the computer system, the need for detecting
efficiency of machine learning methods in intrusion
these intrusions is growing rapidly. This gives rise to IDS.
detection system, including artificial neural networks
An IDS is a software technology which is intended to
and support vector machine and propose a different
support networks and computer resources from
normal data proportion for training and test, finally get
unauthorized access.
one average value, and produced a better accuracy in
There are two kinds of Intrusion Detection System
detection rate, false alarm rate for four attack types.
based on the detection method, the anomaly detection and
The result showed that SVM is superior to NN in
misuse detection. In misuse detection, a database of
detection, in false alarm rate and in accuracy for
notorious user actions is created by the system. Comparing
Probe, Dos, U2R and R2L attacks, while NN could
user action with the behavior already available in database
outperform the SVM only in accuracy.
identifies the misbehavior. The limitation of this system is
Meera Gandhi et al., 2008 create a network based
the database must be frequently updated for new intrusion.
intrusion detection system with signature IDS
In Anomaly detection the customary action of user is
methodology. The system captures packets transmitted
formed. Whenever a system identifies a different action, it
over the entire network by promiscuous mode of
is informed as intrusion. The limitations in this method are
operation and compares the traffic with crafted attack
the intrusion identified based on the recent action and the
signatures and the attack log displays the list of attacks
intruder identifies the user’s action and applies the same to
to the administrator for a different action. This system
hack the system. In such cases the IDS may fail to
works as an alert in the event of attacks directed
recognize the hacker.
towards an entire network.
IDS are developed using several methods such as
Sattar B. Sadkhan,2009 provides a brief
Fuzzy logic, genetic algorithms, data mining, Probabilistic
description of several Artificial Intelligent approaches

9740
 International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.9 No.27 (2014)
© Research India Publications; httpwww.ripublication.comijaer.htm

suchh asData mininng techniquess over system audit data

,Disttributing the detection task in multiple
indeppendent entitiies working collectively,
c F
Fuzzy rule
learnning, Neural networks , Colored
C Petri , net and
Moddel Generationn by Using Genetic
G Algorrithms and
investigates the chhallenges faceed in each moddel.
Rasha G G. Mohamm med,2009 prresents a
mework of disstributed Intruusion Detectioon System
fram
(IDS S), based on mobile
m agents and
a Data miniing, which
deteccts intrusion from
f outside the
t network segment
s as
well as from insidde. Mobile aggents are respoonsible for
colleecting networkk data as welll as identifyiing known
intruusions. Data mining appproaches are used for
detecction of new w attacks or suspicious
s coonnections.
DAR RPA-98 data sets is used to measure the efficiency
of thheir frameworkk.
Aida O. Ali
A et al., 2010 shows a Muulti- Layer
Perceptron(MLP) based classiification algoorithm for
Intruusion Detectioon and compaares the performance of
MLP P with other ANN
A algorithhms and showws that the
MLP P based classiifiers producees 99.63% truue positive
detecction rate.
Saravanakum mar.S et al., 2012
2 develop a weight
updaating algorithm m for the ANNN is based onn the back
proppagation algorrithms, echo sttate neural neetwork and
the functional
f update method. The proposeed method
analy yzes differennt methods of presenting the input
patteerns.

III. PAGATION
BACK PROP
ALGORITHM
M

The BPA usses the steep pest-descent method

m to
reach a global
g minimmum. The flow w-chart for thhe BPA is Fig.1BPA
A training and Teesting process
given in Figure 2. Thhe number off layers and number n of
nodes in each layer are a decided. The T connectioons weight
between nodes is initiaalized with raandom values.. A pattern
from the training set is i presented inn the input laayer of the
network and the error at the output layer is calcuulated. The
error is back
b propagatted from outpuut layer to hid dden layer
and from m hidden layyer to input layer. The connection c
weights are updated in the entire layer. This process is
reiteratedd for all the paatterns presennt inthe traininng data set.
At the ennd of each iteeration, patternns from the teest data set
are preseented to BPA aand the classiification perfoormance of
BPA is evaluated.
e Furrther training of
o BPA is conntinued till
the desireed classificatioon performance is reached.

9741
 International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.9 No.27 (2014)
© Research India Publications; httpwww.ripublication.comijaer.htm
Fig.2 Flow-chart for the back propagation algorithm
IV. EXPERMENTAL SIMULATION
The KDD 99 dataset is used as a standard data set
to evaluate the performance of intrusion detection system.
The dataset was a collection of raw TCP dump data over a
period of nine weeks in a local area network based on the
1998 DARPA initiative. The training data was processed to
about five million connections records from seven weeks
of network traffic andtwo weeks of testing data resulted
into two million connection records. The training data is
made up of 22 different attacks out of the 39 present in the
test data and different attacks are grouped into User to
Root; Remote to Local; Denial of Service; and Probe.
In 1999, the original TCP dump files were
preprocessed and used as a benchmark in the International
Knowledge Discovery and Data Mining Tools
9742
Competition. The packet information of TCP dump file is
summarized as a connection. A connection is a sequence of
data which flows from source IP address to target IP
address at a well-defined time interval under well-defined
protocol. The training dataset consisted of 494,021 records
among which 97,277 (19.69%) were normal, 391,458
(79.24%) DOS, 4,107 (0.83%) Probe, 1,126 (0.23%) R2L
and 52 (0.01%) U2R connections. Each connection record
consists of 41features which describe the attributes of the
connection and a label specifies the attack type or a normal
connection.Sample intrusion patterns are given inTable 1.
V. RESULTS AND DISCUSSION
The topology of ANN used the number of nodes
in the input layer is 41, the number of nodes in the hidden
layer is 10 and the number of nodes in the output layer is 1.
The labeling is set as 0.1(normal) and 0.2(attack) and 1000
patterns have been considered for training purpose. The
dataset has been separated as training and testing. Training
indicates the formation of final weights which indicate a
thorough learning of intrusion and normal packets along
with corresponding labeling.
 International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.9 No.27 (2014)
© Research India Publications; httpwww.ripublication.comijaer.htm

Table 2 Computatiional effort required

r byy the
algoritthms to achiieve a minimmum 80% with
w
50 traiining patterrns
Iterations

MSE
Algorithm

Computational
effort
BPA 211 0.0523 62245000

Fig. 4Perrcentage of intru

usion detection by
b BPA

The percentage
p oof intrusion detection / intrusion
classificcation is preseented for diffeerent number of nodes in
the hiddden layer. T The percentagge of detectiion for the
testing patterns obttained at thee end of eaach training
iterationn is presentedd. The percenntage of detection is high
in less number of itteration with 10 nodes in the hidden
layer.

VI. CONCLUSIIONS
Intrusion ddetection by using artificial neural
networkk has been coonsidered as the t research problem,
p in
spite off the conventtional methodds available for fo intrusion
detectioon. The mainn reason to use ANN foor intrusion
detectioonis its modell free nature. The BPA claassifies and
predictss the patterns qquickly, but ittrequires moree number of
iterationns for converrgence and henceh the commputational
time is more.
m
Fig.3.Meann Squared Errorr of the netwoork trained by using Back REFERENC CES
propagationn algorithm for thhe intrusion detecction [1].Aida O. Ali, Ahmed saleh s and Tammer Ramdan,
Multilayer perceptrons
p neetworks for ann Intelligent
Adaptive intrusion deteection system m, IJCSNS
Figure 3 shoows the convvergence curvve for the International Journal of Commputer Science and Network
topology of 2 nodes to 10 nodes in the hidden n layer. It Security, Voll. 10, No.2, pp.275-279, Februuary 2010 .
convergeed in 405 iterrations. The number
n of iterrations for [2]. AlirezaaOsareh and BitaShadgar, ,Intrusion
convergeence will increease, when thhe number of patterns is Detection iin Computerr Networks based on
increasedd. MachineLearrning Algorithms, IJCSNS International
Journal of C Computer Sciennce and Netwoork Security,
Vol. 8, No. 11, pp. 15-23,Noovember 2008.
[3]. Iftikhar A
Ahmad, Azweeen Abdullah1 and a Abdullah
Alghamdi, ,””Towards the selection of best neural
network systtem for intrusio on detection”, International
Journal of thhe Physical Scciences, Vol. 5,5 No.12, pp.
1830-1839 A August 2010.
[4]. KiranSreee.P, ”Explorin ng a Novel Approach
A for
providing Sooftware Securiity Using Softt Computing
Systems, Intternational jouurnal of secuurity and its
Applications,, Vol. 2, No. 2, pp. 51-58.

9743
 International Journal of Applied Engineering Research, ISSN 0973-4562 Vol.9 No.27 (2014)
© Research India Publications; httpwww.ripublication.comijaer.htm
[5]. LTC Bruce D. Caulkins, Joohan Lee, Morgan
Wang, 2005, Packet- vs. Session-Based Modeling for
Intrusion Detection Systems, Proceedings of the
International Conference on Information Technology:
Coding and Computing (ITCC’05) 0-7695-2315-3/05
IEEE
[6]. Meera Gandhi, S.K.Srivatsa, February 2008,
Detecting and preventing attacks using network
intrusion detection systems, International Journal of
Computer Science and SecurityVol. 2, Issue 1, pp. 49-
59.
[7]. Mrutyunjaya Panda and ManasRanjanPatra, 2007,
Network Intrusion Detection Using Naïve Bayes,
IJCSNS International Journal of Computer Science and
Network Security, Vol.7, No. 12, pp.258-263.
[8]. Mrutyunjaya Panda and ManasRanjanPatra, 2009,
Evaluating Machine LearningAlgorithms For Detecting
Network Intrusions”, International Journal Of Recent
Trends In Engineering, Vol. 1, No. 1, pp.472-477.
[9]. Rasha G. Mohammed, August 2009, Design of
Network Intrusion Detection System Using mobile
Agents and data mining, MASAUM Journal of Basic
and Applied Sciences, Vol.1, No.1 pp. 144-146.
9744
[10]. Sang-Jun Han And Sung-Bae Cho, 2006,
Evolutionary Neural networks for anomaly detection
based on the behavior of a program, IEEE transactions
on systems, man, and cybernetics—part b: cybernetics,
Vol. 36, No. 3, pp. 556-570.
[11]. Saravanakumar.S, JerrinSimla.A., Megalan Leo.
L, Dr.Regarajan.A, July 2012, Network Weight
Updating Method for Intrusion Detection Using
Artificial Neural Networks, International Journal of
Advanced Research in Computer and Communication
Engineering, Vol. 1, Issue. 5, pp. 298-308
[12]. Sattar B. Sadkhan, September 2009, On Artificial
Intelligence Approaches for Network Intrusion
Detection Systems, MASAUM Journal of Computing,
Vol. 1, Issue 2, pp. 236-243.
[13]. TanerTuncerYetkin Tatar, 2008, Detection Syn
Flooding Attacks Using Fuzzy Logic, IEEE, DOI
10.1109/ISA. 50, pp.321-325.