The KDD-99 Cup dataset is dead. While it can continue to be used as a toy example, the age of this dataset makes it all but useless for intrusion detection research and data mining. Many of the attacks used within the dataset are obsolete and do not reflect the features important for intrusion detection in today's networks. Creating a new dataset encompassing a large cross section of the attacks found on the Internet today could be useful, but would eventually fall to the same problem as the KDD-99 Cup; its usefulness would diminish after a period of time. To continue research into intrusion detection, the generation of new datasets needs to be as dynamic and as quick as the attacker. Simply examining existing network traffic and using domain experts such as intrusion analysts to label traffic is inefficient, expensive, and not scalable. The only viable methodology is simulation using technologies including virtualization, attack-toolsets such as Metasploit and Armitage, and sophisticated emulation of threat and user behavior. Simulating actual user behavior and network intrusion events dynamically not only allows researchers to vary scenarios quickly, but enables online testing of intrusion detection mechanisms by interacting with data as it is generated. As new threat behaviors are identified, they can be added to the simulation to make quicker determinations as to the effectiveness of existing and ongoing network intrusion technology, methodology and models.
We present a proof-of-concept of a lightweight and low-power network intrusion detection system (NIDS) using a
commercially available neural network chip. Such a system is well-suited to the increasing deployment of low-power
devices with ubiquitous internet connectivity. Our proposal makes use of previous work on extracting a feature vector
from network packets using a histogram of hashed n-grams. The commercially available CogniMem CM1K device
implements a version of the Restricted Coulomb Energy neural network classifier, which was used to classify the
resulting feature vectors at high speed and low power. In this paper, we describe our feature extraction technique for
network packets and the classification algorithm used by the CM1K chip, and present initial classification results on a
fabricated test set. Despite the generality of the RCE algorithm and our ‘plug-in’ approach to the classification task,
with no fine-tuning of the hardware to our problem domain, we obtain surprisingly good classification results even on
highly imbalanced and restricted training sets.
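
The two stages named in the abstract, hashed n-gram histograms feeding an RCE classifier, sketched in software as an added example (not the paper's code and not the CM1K's implementation). The abstract gives no parameters, so the CRC32 hash, 3-byte n-grams, 256 bins, L1 distance, maximum radius of 200 and the sample payloads are all assumptions made here.

```python
import zlib

DIM, N, MAX_RADIUS = 256, 3, 200   # assumed: bins, n-gram length, largest influence field

def features(payload: bytes, n: int = N, dim: int = DIM) -> list:
    """Histogram of hashed n-grams, scaled so the bins sum to at most 255."""
    hist = [0] * dim
    grams = max(len(payload) - n + 1, 0)
    for i in range(grams):
        hist[zlib.crc32(payload[i:i + n]) % dim] += 1   # CRC32 is an assumed hash
    return [255 * c // grams for c in hist] if grams else hist

def l1(a, b):
    """Manhattan distance between two feature vectors."""
    return sum(abs(x - y) for x, y in zip(a, b))

class RCE:
    """Software sketch of a Restricted Coulomb Energy classifier."""
    def __init__(self, max_radius=MAX_RADIUS):
        self.max_radius = max_radius
        self.protos = []                     # each entry: [vector, radius, label]

    def firing(self, v):
        return [p for p in self.protos if l1(v, p[0]) < p[1]]

    def learn(self, v, label):
        fired = self.firing(v)
        for p in fired:                      # shrink wrong-label fields off v
            if p[2] != label:
                p[1] = l1(v, p[0])
        if any(p[2] == label for p in fired):
            return                           # already covered by its own class
        rivals = [l1(v, p[0]) for p in self.protos if p[2] != label]
        self.protos.append([v, min([self.max_radius] + rivals), label])

    def classify(self, v):
        labels = {p[2] for p in self.firing(v)}
        if not labels:
            return "unknown"                 # no prototype fired
        return labels.pop() if len(labels) == 1 else "uncertain"

def demo():
    # Constructed payloads, labelled by hand for illustration only.
    train = [(b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n", "benign"),
             (b"GET /" + b"A" * 60 + b" HTTP/1.1\r\n\r\n", "anomalous")]
    net = RCE()
    for payload, label in train:
        net.learn(features(payload), label)
    return [net.classify(features(p)) for p, _ in train]

if __name__ == "__main__":
    print(demo())
```

The "unknown" and "uncertain" outcomes are what distinguish RCE from a plain nearest-neighbour vote: traffic unlike anything in the training set is reported as such instead of being forced into a class.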