A Real-Time Intrusion Detection Algorithm for Network Security

E-government is an important issue which integrates existing local area networks into a global network that provide many services to the nation citizens. This network: requires a strong security infrastructure to guarantee the confidentiality of national data and the availability of government services. In this paper, a framework for network intrusion detection systems is presented. Such framework utilizes data mining techniques and is customized for the E-Government Network (EGN). It consists of two phases: an offline phase in which the intrusion detection system learns the normal usage profiles for each local network domain, and a real time intrusion detection phase. In the real time phase, known attacks are detected at a global layer at the EGN perimeters while normal behavior is filtered out at a local layer defined for each LAN domain. Clustering is used to focus the analysis on the remaining suspicious activity and identify whether it represents new intrusive or normal behavior. This framework is intended to detect intrusions in real-time, achieve low false alarm rates, and continuously adapt to the environment changes and emergence of new behavior. This research is a development for the work presented in [22,23]. The main achievement of this paper is the fast attack detection algorithm. Such algorithm based on performing cross correlation in the frequency domain between data traffic and the input weights of fast time delay neural networks (FTDNNs). It is proved mathematically and practically that the number of computation steps required for the presented FTDNNs is less than that needed by conventional time delay neural networks (CTDNNs). Simulation results using MATLAB confirm the theoretical computations.