Abstract—Intrusion Detection Systems (IDS) have become a necessity in computer security systems because of the increase in unauthorized accesses and attacks. Intrusion Detection is a major component in computer security systems that can be classified as Host-based Intrusion Detection System (HIDS), which protects a certain host or system and Network-based Intrusion detection system (NIDS), which protects a network of hosts and systems. This paper addresses Probes attacks or reconnaissance attacks, which try to collect any possible relevant information in the network. Network probe attacks have two types: Host Sweep and Port Scan attacks. Host Sweep attacks determine the hosts that exist in the network, while port scan attacks determine the available services that exist in the network. This paper uses an intelligent system to maximize the recognition rate of network attacks by embedding the temporal behavior of the attacks into a TDNN neural network structure. The proposed system consists of five modules: packet capture engine, preprocessor, pattern recognition, classification, and monitoring and alert module. Our system uses Principle Component neural network for recognizing attacks and a classification module to classify the attacks into host sweep or port scan. We have tested the system in a real environment where it was able to detect all attacks. In addition, the system was tested and compared with SNORT using DARPA datasets. Our system outperforms SNORT in terms of recognition rate and throughput. In fact, our system can recognize all attacks in a constant time.

Index Terms—intrusion detection systems, network probe attack, host sweep, port scan, TDNN neural network

Cite: Omar Al-Jarrah and Ahmad Arafat, "Network Intrusion Detection System Using Neural Network Classification of Attack Behavior," Vol. 6, No. 1, pp. 1-8, February, 2015. doi:10.12720/jait.6.1.1-8