Intrusion Detection Based on Optimum-Path Forest

Abstract

Given that the increasing number of attacks in computer networks, it has been more necessary to use robust and efficient intrusion detection systems. Traditional techniques of artificial intelligence and pattern recognition have been extensively employed aiming to build efficient models that can handle such problems. Approaches widely known, such as Artificial Neural Networks and Support Vector Machines, for instance, can make the detection of anomalies in computer network's traffic more efficient, which can characterize several types of attacks. However, such approaches pay the price of high accuracies with a high computational burden for training patterns, avoiding their use in intrusion detection systems that require a retraining procedure on-the-fly. Thus, it is desirable to have a system that can be retrained and as soon as possible to work on again, without compromising its accuracy. This problem can be more critical in situations in which the amount of data is considerable, and the training phase, which sometimes requires parameter optimization, has an exponential complexity. A simple traffic analysis in a small network, for instance, can lead us to work with millions of data. Recently, a new pattern recognition called Optimum-Path Forest was proposed in the literature aiming to ally both efficiency and effectiveness, and has been demonstrated to be superior than Artificial Neural Networks and similar to Support Vector Machines, but much faster. The main idea consists, basically, into modeling the pattern recognition problem as an optimum-path tree generation in a graph. Beginning with some key elements (prototypes), they will conquer the remaining samples offering to them optimum path costs, originating at the final of the process a collection of optimum-path tress rooted at these prototypes. In such a way, we proposed in this project to use the Optimum-Path Forest classifier to detect intrusions in computer networks. Another motivation of using this technique relies on the possibility of real time system retraining, aiming to increase its accuracy and consisting in a resilient approach for computer networks' traffic monitoring, regarding its property into working on again in a fast manner. Note that this task may not be handled by the traditional pattern recognition techniques. Another objective of this work is to propose a new learning with pruning algorithm to detect irrelevant samples for Optimum-Path Forest, aiming to design more efficient and compact training sets. In such a way, the present research work is the first one into applying Optimum-Path Forest for intrusion detection systems in the context of computer networks, and also to propose a new training set compression algorithm, which can be used by other pattern recognition techniques in several application domains.