Implementation of Intelligent Techniques for Intrusion Detection Systems

II Acknowledgements Praise is to Allah and gratitude is given where it is due most to Allah. So with genuine humility, I acknowledge the aid of Allah. My deepest gratitude and sincerest appreciation to Prof. Dr. Mohamed Hashem Abdel-Aziz, for his continuous encouragement and enlightening advice and helpful advices, that helped me throughout this work. I feel greatly indebted to Prof. Dr. Taymoor M. Nazmy for his dynamic efforts, sincere guidance and continuous support without which this work would have never seen the light. Finally, I cannot sufficiently express my gratitude to my family; my parents, my sisters, my dearest friend Manal Mohsen whose love, support, guidance, and encouragement through the years have thoroughly equipped me for life, and my son Abdel Rahman, who makes it all worthwhile. Abstract With the rapid expansion of computer networks during the past decade, security has become a crucial issue for computer systems. New security failures are discovered everyday and there are a growing number of bad-intentioned people trying to take advantage of such failures. Intrusion detection is a critical process in network security. Intrusion Detection Systems (IDS) aim at protecting networks and computers from malicious network-based or host-based attacks. Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. Most current approaches to intrusion detection involve the use of rule-based expert systems to identify indications of known attacks. Artificial neural networks and decision trees provide the potential to identify and classify network activity. Most of the previous systems have some deficiencies. Some drawbacks of previous Intrusion detection systems (IDSs) are that they are unable to detect new attacks that are never seen before. Most of these systems don't identify the attack type but only specify whether the given network data is normal or attack. One of the drawbacks of IDSs that are signature-based is that they can only detect known attacks while all new unknown attacks will go unnoticed until the system is updated to be able to detect them. This thesis proposes a hybrid intelligent intrusion detection system to improve the detection rate for known and unknown attacks. The introduced system has the capability to learn fast, enhanced capability of detection of new unidentified attacks, and alarming the system administrator of these unseen before attacks. Unlike other systems that have one level of detection, the proposed system has three levels of detection. The first level …