International Journal of Computer Applications (0975 – 8887) Volume 106 – No. 18, November 2014 19 Neural Network based Intrusion Detection Systems Sodiya A.S Department of Computer Science, Federal University of Agriculture, Abeokuta, Nigeria Ojesanmi O.A Department of Computer Science, Federal University of Agriculture, Abeokuta, Nigeria Akinola O.C Department of Computer Science, Federal University of Agriculture, Abeokuta, Nigeria Aborisade O. Department of Computer Science, Federal University of Agriculture, Abeokuta, Nigeria ABSTRACT Recent Intrusion Detection Systems (IDSs) which are used to monitor real-time attacks on computer and network systems are still faced with problems of low detection rate, high false positive, high false negative and alert flooding. This paper present a Neural Network-based approach that combined supervised and unsupervised learning techniques designed to correct some of these problems. The design is divided into two phases namely: Training and Detection. In the training phase, Multiple Self–Organizing Map algorithm (SOM) was constructed to capture a number of different input patterns, discover significant features in these patterns and learn how to classify input. Sigmoid Activation Function (SAF) was used to transform the input into a reasonable value (0, 1). The learning weights were randomly assigned in the range (-1, +1) to obtain the output consistent with the training. SAF was represented using a hyperbolic tangent in order to increase the learning speed and make learning efficient. Momentum and adaptive learning rates were introduced to significantly improve the performance of the back-propagation neural network. The trained lattice of neuron was used as input in the back propagation for the real-time monitoring and detection of intrusive activities. The design was implemented in Visual Basic.Net. An evaluation was carried out using Network Traffic data collected from Defence Advanced Research Projects Agency dataset consisting of normal and intrusive traffic. The training model was performed by means of Root Mean Square (RMS) error analysis using learning rate of 0.70, 4 input layers, 8 hidden layers and 2 output layers. The evaluation result of the new design showed a promising and improved technique when compared with the recent and best known related work. Keywords Intrusion, Detection, Attack, Neural network, Security, 1. INTRODUCTION An intrusion attempt or intrusion can be defined as the potential possibility of a deliberate unauthorized attempt or action to access information, manipulate information or render a system unreliable or unusable [3,21]. Intrusion attempt or intrusion activity may come from external or internal. Its ultimate purpose is to violate a system’s integrity, confidentiality and reliability. Intrusion detection system (IDS) is the hardware device or software system which is used in the intrusion detection process to monitor network and host activities including data flows and information accesses etc. and detect suspicious activities. It serves three essential security functions: they monitor, detect, and respond to unauthorized activity by both internal intruders and external intruders. Intrusion detection systems use policies to define certain events that, if detected will issue an alert [1,4, 12, 13, 17]. Currently there are two major approaches to intrusion detection. The first approach, called anomaly detection or behavior detection, is to define and characterize correct static form and/or acceptable dynamic behavior of the system, and then to detect wrongful changes or wrongful behavior. The second approach is misuse detection or signature detection. More commonly known as signature detection, this approach uses specifically known patterns of unauthorized behavior to detect subsequent similar attempts. These specific patterns are called signatures. The misuse detection system monitors for those explicit patterns [2,16]. There are two basic types of intrusion detection based on the range of its detection: host-based and network-based [15] while [19] classified intrusion detection into three including Vulnerability-Assessment i.e Vulnerable attacks are to detect on internal networks and firewalls as the third attack. Each has a distinct approach to monitoring and securing data, and each has distinct advantages and disadvantages, host-based IDSs examine data held on individual computers that serve as hosts, while network-based IDSs examine data exchanged between computers. Both differ significantly from each other, but complement one another well. The network architecture of host-based is agent-based, which means that a software agent resides on each of the hosts that will be governed by the system. Although network intrusion detection has its merits and certainly must be incorporated into a proper IDS solution, while host-based look more reliable bust always make use of NIDS to complete the defense. 2. LITERATURE REVIEW Most research on intrusion detection focuses on anomaly detection because its strength in intrusion detection lies in anomaly detection, where the system does not need to depend on a signature before it can detect an attack. There are increases in the use of Neural Network in IDS in the recent times. [18] proposes a multi-level hybrid intrusion detection method that uses a combination of supervised, unsupervised and outlier based methods for improving the efficiency of detection of new and old attacks. This proposed method detecting rare category attacks as well as large-scale attacks of both new and existing attacks when tested with several benchmark and real-life intrusion datasets but still need to create a more effective ensemble approach based on faster and efficient classifiers so as to make a significant contribution in the study of the intrusion detection. [14] developed a hybrid IDS that uses semi supervised method shows better accuracy and reduced false alarm rate. Through this approach the overwhelming problem of using supervised and unsupervised method were be solved this approach has to be done regarding detection of on DOS attacks and corresponding intrusion prevention system must be designed with all necessary security measures. [23] proposed a multi-layer intrusion