International Journal of Scientific & Engineering Research, Volume 3, Issue 1, January 2012
ISSN 2229-5518
IJSER © 2012
http://www.ijser.org
Anomaly Detection through NN Hybrid Learning with Data Transformation Analysis
Saima Munawar, Mariam Nosheen and Dr. Haroon Atique Babri
Abstract— An intrusion detection system is a vital part of a computer security system, commonly used for precaution and detection. It is built as a classifier, or as a descriptive or predictive model, to proficiently classify normal behavior from abnormal behavior of IP packets. This paper presents a solution concerning the proper handling of data transformation methods and the importance of data analysis of the complete data set, applied to hybrid neural network approaches that are used to cluster and classify normal and abnormal behavior in order to improve the accuracy of a network-based anomaly detection classifier. Neural network classes require data in numerical form only, but IP connections or network packets have some symbolic features that are difficult to handle without proper data transformation analysis. For this reason, the new non-redundant NSL KDD CUP data set was obtained. The experimental results show that the indicator variable method is more effective than both the conditional probabilities and the arbitrary assignment methods, as measured by accuracy and balanced error rate.
Index Terms — ANN, Anomaly Detection, Self Organizing Map, Backpropagation network, Indicator variables, Conditional probability
1 INTRODUCTION
In computer security, network administrators always suggest preventive action as the better cure for any system. Intrusion Detection Systems (IDS) are classified into three categories: host-based, network-based and vulnerability-assessment [1]. Signature-based detection and anomaly detection are the two basic models of intrusion detection. Signature-based detection can only detect attacks that match known intrusions; it cannot detect novel behavior. It is especially used in commercial tools, and its database has to be updated with new attacks. Anomaly intrusion detection resolves these limitations of the signature-based model and is used to detect new attacks by searching for abnormality [2], [3]. Anomaly detection issues have numerous possibilities that are yet unexplored [4]. Network and computer security is a significant issue for every organization that demands security. Prevention, detection and response are the three basic foundations of network security. For this purpose, many researchers emphasize preventive action over detection and response [5]. With the increasing demand for network security, many devices such as firewalls and intrusion detection systems are used to control the accessibility of abnormal packets. Basically, abnormal packets violate the Internet Protocol standards, and these packets are used to crash systems [6]. For this reason, better intrusion detection devices are being built for prevention, for accurate detection of normal and abnormal packets, and to reduce the false alarm rate. IDS are basically devoted to this purpose of monitoring the system intelligently. As far as access control points are concerned, a firewall is good, but it is not designed for preventive action against intrusions, which is why most security experts emphasize IDS located before and after the firewall [7], [8]. Many researchers have been improving intrusion detection systems through different research areas such as statistics, machine learning, data mining, information theory and spectral theory [2], [3], [4]. The purpose of this research is to provide a design approach based on hybrid learning of artificial neural networks for an anomaly intrusion detection classifier system. The symbolic features of the IP data set cannot be handled directly, so two data transformation methods, indicator variables and conditional probabilities, are considered effective for improving classifier performance; the data is processed through a hybrid technique combining a self-organizing map and a backpropagation neural network. The data transformation is applied to nine selected features of the IP NSL data set. It is prepared for an anomaly detection classifier that is used for LAN security.
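The three transformations compared in this paper, applied to one symbolic feature, as an added example that is not the authors' code. The records are constructed NSL-KDD-style samples, the conditional-probability encoding uses the common formulation P(symbol | class), which may differ in detail from the paper's, and mapping unseen symbols to zeros is an assumption of this sketch.

```python
from collections import Counter

# Constructed NSL-KDD-style records: (protocol_type, class label).
TRAIN = [("tcp", "normal"), ("tcp", "normal"), ("tcp", "anomaly"),
         ("udp", "normal"), ("icmp", "anomaly"), ("icmp", "anomaly")]


def fit_arbitrary(records):
    """Arbitrary assignment: one integer per symbol (imposes an artificial order)."""
    symbols = sorted({s for s, _ in records})
    return {s: i for i, s in enumerate(symbols, start=1)}


def fit_indicator(records):
    """Indicator variables: one 0/1 input per distinct symbol."""
    symbols = sorted({s for s, _ in records})
    return {s: [int(s == t) for t in symbols] for s in symbols}


def fit_conditional(records):
    """Conditional probabilities: symbol -> [P(symbol | class) for each class]."""
    classes = sorted({c for _, c in records})
    per_class = Counter(c for _, c in records)
    joint = Counter(records)
    symbols = sorted({s for s, _ in records})
    return {s: [joint[(s, c)] / per_class[c] for c in classes] for s in symbols}


def transform(mapping, symbol):
    """Encode one symbol; a value never seen in training maps to zero(s)."""
    sample = next(iter(mapping.values()))
    unseen = 0 if isinstance(sample, int) else [0] * len(sample)
    return mapping.get(symbol, unseen)


if __name__ == "__main__":
    for name, fit in [("arbitrary", fit_arbitrary),
                      ("indicator", fit_indicator),
                      ("conditional", fit_conditional)]:
        mapping = fit(TRAIN)
        print(name, {s: transform(mapping, s) for s in ("icmp", "tcp", "udp", "sctp")})
```

The integer codes make `udp` numerically "larger" than `icmp`, an ordering the network may learn from even though it carries no meaning; the indicator and conditional encodings avoid that at the cost of more input units.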
Five sections are presented in this research. Section 2 is the background literature of the related research processes. Section 3 provides the detailed analysis of the proposed research methodology; the algorithms of SOM and BPN and their training and testing results are discussed. Section 4 provides detailed analysis of the experimental results of the research and comparison between
Saima Munawar is with the Computer Science Department as a research fellow at LCWU, Lahore, Pakistan. She is currently working as a faculty member at VU, Lahore, Pakistan (e-mail: saima.munawar@vu.edu.pk).
Mariam Nosheen is with the Computer Science Department as Assistant Professor at LCWU, Lahore, Pakistan (e-mail: m_sufyan2000@yahoo.com).
Dr. Haroon Atique Babri is with the Electrical Engineering Department as Professor at UET Lahore, Pakistan (e-mail: babri@uet.edu.pk).