ENHANCEMENT OF INTRUSION DETECTION SYSTEMS WITH MEMBRANE COMPUTING
Associate Prof. Ts. Dr. Ravie Chandren MuniyandiFaculty of Information Science and Technology
Universiti Kebangsaan Malaysia, 43600 Kuala Lumpur, Malaysia
Emel: ravie@ukm.edu.my Tel: +6012-3249577
Abstract
Within the cyber space, the network and information systems constantly suffer from intruders’ heinous activities such as integrity compromise, denial of availability and performance inefficiency. Despite various efforts done for Intrusion Detection Systems (IDSs) solution, they still experience general performance problems including poor quality (high false alarm and low detection rates) and inefficiency (low processing speed and throughput) resulting in packet drop/loss. These factors are due to high dimensional features in traffic data, boundary problem and huge real time traffics. The popular methods usually adopted to solve these problems are the use of good algorithms, models and architectural designs. In this regard, while features selection techniques such as Rough set, Bee Algorithm etc are often used to solve ‘curse of dimensionality’, Fuzzy-based methods such as Fuzzy Association Rule Mining are adopted for boundary problem. Furthermore, the negative impact of packet drop/loss is commonly reduced by increasing the throughput and speedup of detection process using distributed and parallelism mechanisms such as in multi-agent systems. Meanwhile, Membrane Computing (MC) which is an emerging branch of computer science, is configured on the inspiration from the functioning of the living cells. It is a parallel and distributed computing model having the inherent benefits of high understandability, communication advantage, dynamic feature, synchronization and non-linearity. Past researches have shown that MC is a very promising model for solving NP-hard problems and so has successfully been applied in several fields including biology, linguistics, medicine, economy, optimization, graphics and cryptography. Therefore, this research [24-27] aims to apply the advantages of MC to improve the IDS solution with three objectives. The first is to propose a hybrid MC with Bees algorithm features selection technique for IDS by increasing the communication advantage of membrane system within bee algorithm. The result shows that the proposed algorithm has the ability of considerably reducing the False Alarm rate compared with the Bees algorithm and state of art algorithms. For the second objective, a variant of MC known as Trapezoidal Fuzzy Reasoning Spiking Neural P system model is proposed for intrusion detection, where earlier it has been used in fault diagnosis in machines. The benefit of applying the approach is that it has the ability to produce knowledge in a form of rule-based and also could overcome the sharp boundary problem by allowing different degrees of memberships. The result shows that the proposed model has improved high detection rate for denial-of-service and brute force attacks. Lastly, the study proposed a MC-based IDS architecture which is designed in line with recognizer tissue P system. It works by applying classification and symport communication rules on the objects contained within the membrane regions to ensure load balancing among the GPU processors. While the experiments employed the standard benchmark KDD Cup dataset, the proposed IDS architecture was implemented on NVIDIA Geforce 680 GPU. The result shows that it has processing speedup of over 5 times and increases the average of throughput (50000p/s). It can be concluded that applying membrane system-based methods could enhance IDS performance by increasing its quality solution and its efficiency.