Article Preview
TopIntroduction
These last years, the quantum of information is increasing exponentially on the internet, yet the massive growth of data should be protected and preserved.
In order to protect data and information exchange, several security tools were developed such as: firewalls, cryptographic systems, private virtual network, access control and secure protocols. However, all these strategies can’t insure a high level protection against intrusions attempts. This has led to the use of intrusion detection tools in order to get a monitoring permission.
The intrusion detection’s concept was first proposed by James Anderson in 1980 (J. P. Anderson, 1980). But, the works on this domain started effectively in 1987 with the publication of the model of intrusion detection (Denning, 1986).
An intrusion detection system can be a software application, hardware device or both of them designed to monitor all inbound and outbound network activity and identify any suspicious activities or policy violations that may indicate a network or system attack.
Intrusion detections methods can be divided into two main models: anomaly detection and misuse detection approaches.
- •
The anomaly detection model is based on user’s profiles. It describes the usual behaviour of a user to detect his anomalous or unaccustomed action. Among these methods, we find: the statistical methods (Anderson et al., 1995), the expert systems (Vaccaro & Liepins, 1989) and the neural networks (Debar et al., 1992).
- •
The misuse detection model is referred as signature based detection that analyzes susceptible data in order to detect any anomalous behaviour that can be attacks. Some well know works based on misuse detection are: the expert systems (Lunt & Jagannathan, 1988), the genetic algorithm (Ludovic, 1998) and the pattern matching method that recognizes attacks’ signatures. Various algorithms are used to localize these signatures in the audit trail (Kumar & Spafford, 1994).
In the last few years, various techniques have been applied extensively for intrusion detection such as the clustering techniques (Shah et al., 2003), neural networks (Ryan et al., 1998; Lee & Heinbuch, 2001), Bayesian approach (Amor et al., 2004; Kruegel et al., 2003;Mehdi et al., 2007), fuzzy genetic algorithms (Abadeh et al., 2007; Boughaci et al., 2012), fuzzy local search (Boughaci et al., 2011), the Mobile agent (Boughaci et al., 2006), and fuzzy stochastic local search (Bahamida & Boughaci, 2012) . The idea of applying data mining for intrusion detection was introduced in 1998 (W. Lee, Stolfo, & Mok, 1998; Lee et al., 1999). Data clustering methods have also applied in intrusion detection with K-means (Portnoy et al., 2001), and fuzzy C-means (Shah et al., 2003), this techniques is based on calculating the numeric distance between features. Debar (Debar et al., 1992) and Zhang (Zhang et al., 2001) worked on the artificial neural networks for detection intrusion.
In this paper, we consider the intrusion detection as a pattern classification where a connection’s attributes constitutes a pattern that should be assigned to one of existing classes. The problem is How to identify a given connection as a normal event or attack?