Assessment of Network Intrusion Detection System Using Soft Computing Techniques: Fuzzy Clustering Vs. Artificial Neural Network

Abstract:- The primary goal of IDPS is to establish an effective method for identifying and thwarting malicious activities within a network system. This proactive approach serves to minimize the potential damage caused by cyber attackers. In this paper, we delve into a comprehensive survey of the various techniques employed in the recognition and grouping of cyber threats, primarily based on the KDD Cup’99 derived from DARPA datasets. Additionally, we address the outstanding challenges in this field and propose a novel and highly efficient approach known as the SNORT-XSS algorithm, designed to detect and categorize real time intruders and intrusions. For our research, we harnessed the capabilities of the SNORT tool, established by CISCO Systems, to analyze the rules derived from the extensive data collected from the KDD Cup’99 derived from DARPA dataset. To enhance the accuracy and reduce the occurrence of false alarms, we employed a Fuzzy Perceptive system to consolidate the rules to fuzzy sets. A crucial component of our approach involves the integration of a Feed Forward ANN with Back Transmission of Errors, derived from ANNs to train, validate, and test our proposed system. The results from our experiments were remarkably promising, surpassing our expectations. In particular, the precision values of the model were outstanding, with a remarkable 98.93% and 98.89% for precision in identifying threats and attacks, respectively. Furthermore, the detection rates for Probe and Denial-of-Service (DoS) attacks exceeded 98.3%. False positive rate along with true negative ratio were virtually negligible, underlining the effectiveness of our approach in minimizing erroneous alarms while efficiently identifying actual threats. Notably, the optimal categorization was achieved during epochs 52 to 56, with a mean square error of 0.003, demonstrating the robustness and precision of the SNORT-XSS algorithm in identifying and classifying intrusions, particularly zero-day and novel attacks.