2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia

Application of Artificial Neural Network

in Detection of Probing Attacks
Iftikhar Ahmad Azween B Abdullah Abdullah S Alghamdi
DCIS, UTP, Bandar Seri Iskandar, Department of Computer & Department of Software Engineering,
31750, Tronoh, Perak, Malaysia / Information Sciences, Universiti College of Computer & Information
DSE, CCIS, King Saud University, Teknologi, PETRONAS, Bandar Seri Sciences, King Saud University,
P.O. Box 51178, Riyadh 11543, Iskandar, 31750 Tronoh, P.O. Box 51178, Riyadh 11543,
Kingdom of Saudi Arabia Perak, Malaysia Kingdom of Saudi Arabia
wattoohu@gmail.com azweenabdullah@petronas.com.my abdksu@gmail.com

Abstract-- The prevention of any type of cyber attack is
indispensable because a single attack may break the security
of computer and network systems. The hindrance of such
attacks is entirely dependent on their detection. The
detection is a major part of any security tool such as
Intrusion Detection System (IDS), Intrusion Prevention
System (IPS), Adaptive Security Alliance (ASA), check
points and firewalls. Consequently, in this paper, we are
contemplating the feasibility of an approach to probing
attacks that are the basis of others attacks in computer
network systems. Our approach adopts a supervised neural
network phenomenon that is majorly used for detecting
security attacks. The proposed system takes into account
Multiple Layered Perceptron (MLP) architecture and
resilient backpropagation for its training and testing. The
system uses sampled data from Kddcup99 dataset, an attack
database that is a standard for evaluating the security
detection mechanisms. The developed system is applied to
different probing attacks. Furthermore, its performance is
compared to other neural networks’ approaches and the
results indicate that our approach is more precise and
accurate in case of false positive, false negative and detection
rate.
Index Terms-- Probing attack, Dataset, Multiple Layered
Perceptron, Resilient Backpropagation, Detection Rate,
Neural Network, False Positive, False Negative, Learning,
Remote to User, User to root
I. INTRODUCTION
The rapid expansion of computer networks and mostly
of the Internet has created many security problems.
During recent years, number of attacks on network has
dramatically increased .Therefore securing of network
resources are very essential especially probing attacks.
These attacks are the basics of other attacks like DOS,
R2U, U2R and etc. Therefore securing a system from
such attacks is very serious. These attacks does not
involve in active activities but mostly do passive
activities as finding out that which machines are active or
on within the network, which services are using by the
user and etc. Actually intruders or hackers use different
probing tools to get flaws or parameters or algorithms
that may helpful in their active attacks [1].
The purpose of probing attacks mostly knowing the
services of company resources which are operating on
internet or its activity based on information system. A
single probing attack may cause a great loss of a
company that is providing backbone of many networks
[2]. Therefore protecting company resources (servers,
systems & other devices) is very serious from these
attacks. In this paper, we propose an approach that detects
probing attacks using a supervised neural network that is
resilient backpropagation. The approach is based on
classifying good traffic from bad in the sense of probing
of service. We take different types of probing attacks
samples from standard dataset Kddcup99 for training and
some of them for testing the system [3].
In the following sections, we briefly introduce
background, probing attack and its types, related works,
proposed architecture, implementation, results and
discussion. At last suggestion for future research area is
provided.
II. BACKGROUND
The attack detection tools are very important for
providing safety in computer and network system. These
tools fully depend on accuracy of attack detection.
Moreover, the detection is also must for prevention of any
attack. Therefore accurate detection of attack is very
important. A number of attempts have been done in the
field of attack detection but they suffered many
limitations such as time consuming statistical analysis,
regular updating, non adaptive, accuracy and flexibility.
Therefore, it is an artificial neural network that supports
an ideal specification of an attack detection system and is
a solution to the problems of previous systems. As a
result, an artificial neural network inspired by nervous
system has become an interesting tool in the applications
of attack detection systems due to its promising features.
Attack detection by artificial neural networks is an
ongoing area and thus interest in this field has increased
among the researchers [1]. Let us review to some basic
concepts and terminologies regarding our research. An
unauthorized user who tries to enter in network or
computer system is known as intruder. A system that
detects and logs in appropriate activities is called as
intrusion detection system. The intrusion detection
systems can be classified into three categories as host
 2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia
based, network based and vulnerability assessment based.
A host based IDS evaluates information found on a single
or multiple host systems, including contents of operating
systems, system and application files. While network
based IDS evaluates information captured from network
communications, analyzing the stream of packets
traveling across the network. Packets are captured through
a set of sensors. Vulnerability assessment based IDS
detects vulnerabilities on internal networks and firewall
[4]. Moreover, intrusion detection is further divided into
two main classes such as misuse and anomaly detection.
First is the general category of intrusion detection, which
works by identifying activities which vary from
established patterns for users, or groups of users. It
typically involves the creation of knowledge bases which
contain the profiles of the monitored activities. The
second technique involves the comparison of a user's
activities with the known behaviors of attackers
attempting to penetrate a system. Misuse detection also
utilizes a knowledge base of information [5]. Mostly
attack detection tools use the evaluation parameters such
as false positive, false negative and detection rate. A false
positive occurs when the system classifies an action as
anomalous (a possible intrusion) when it is a legitimate
action. While a false negative occurs when an actual
intrusive action has occurred but the system allows it to
pass as non-intrusive behavior [6].
III. PROBING ATTACK AND ITS TYPES
It involves discovering the algorithms and parameters
of the recommender system itself. It may be necessary for
an intruder to acquire this knowledge through interaction
with the system itself.
Ipsweep: It probes the network to discover available
services on the network. First intruder find out a machine
on which he may be attacked.
Portsweep: It probes a host to find available services on
that host. If a service is known on the system so it may
easily be attacked by the network intruder.
Nmap: It is a complete and flexible tool for scanning a
network either randomly or sequentially. Therefore, often
intruders used this tool for scanning network parameters
that may help them in attacking the system.
Satan: It is an administration tool; it gathers information
about the network. This information can be used by an
attacker.
Probing attacks can steal important information from
your computer or your network and later may be used by
the intruder. These attacks may also result in significant
loss of time and money for many organizations. There
are many methods for their prevention but has some
limitations like varying nature of attacks [7,8, 9].
IV. RELATED WORKS
Dr. Dorothy Denning proposed an intrusion detection
model in 1987 which became a landmark in the research in
this area. The model which she proposed forms the basic
core of most intrusion detection methodologies in use
today [10]. After this a lot works had been done in this
field of intrusion in the form of statistical approaches, rule
based, graphical and hybrid system. All of these
approaches have limitations as described previously in the
background section. Presently researchers are taking much
interest in the application of attack detection tools by using
neural networks due to its features. An artificial neural
network consists of a group of processing elements
(neurons) that are highly interconnected and convert a set
of inputs to a set of preferred outputs [11]. The first
artificial neuron was formed in 1943 by the
neurophysiologist Warren McCulloch and the logician
Walter Pits [12].
Artificial neural networks are alternatives. The first
advantage in the use of a neural network in the attack
detection would be the flexibility that the network would
provide. A neural network would be capable of analyzing
the data from the network, even if the data is incomplete
or unclear. Similarly, the network would possess the
ability to conduct an analysis with data in a non-linear
fashion. Further, because some attacks may be conducted
against the network in a coordinated attack by multiple
attackers, the ability to process data from a number of
sources in a non-linear fashion is especially important.
The problem of frequently updation of traditional attack
detector is also minimized by ANN. It has generalization
property and hence able to detect unknown and even
variation of known attacks. Another reason to employ
ANN in PROBING attack detection is that, ANN can
cluster patterns which share similar features, thus the
classification problem in attack detection can be solved
by ANN. The natural speed of neural networks is another
advantage [13].
Performance comparison between backpropagation
algorithms is presented by Iftikhar Ahmad, et.al, in which
different supervised algorithms are benchmarked. They
proposed an optimized solution with respect to mean
square error after making many experiment on the standard
dataset in the field of attack detection. The focus was to
find best training neural network among backpropagation
algorithms [13]. A systematic review in the field of
intrusion detection by using artificial neural networks is
also presented by Iftikhar Ahmad, et.al, in which they
analyzed different approaches in terms of development,
implementation, NN architecture, dataset and testing
parameter details. They also point out many issues in
current traditional as well as intelligent attack detection
systems [2]. There are many works in the literature that
deal with attack detection in networks but the application
of artificial neural networks is a new area in this field. One
of the major challenges for present intrusion detection
approaches is to reduce false alarm rates. The false alarm
rate is still high for recent neural intrusion detection
approaches because they have not sufficient ability to
attacks. Aikaterini Mitrokotsa et.al worked on attack
detection by using ESOMS that is widely used in this field
but the problem is performance accuracy as false positives
and false negatives increases [14]. Another work on
intrusion detection is done by Stefano Zanero et.al. They
 2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia

also used the SOMS in their experiments with 75% optimum is selected as shown in the table 1.
detection rate and but it also suffered increase in false
positives [15]. L. Prema Rajeswari et.al worked on TABLE 1
SELECTION OF HIDDEN LAYERS AND ITS NUMBER OF
intrusion detection and their developed model showed NEURON
83.59% accuracy with 16.41% false alarm in terms of
attacks. [16]. Yao Yu et.al worked to improve false
positive rate using their hybrid MLP/CNN neural network Sr.# Hidden Layers Neurons RMSE
but still suffered with a false positive rate [17]. Morteza 1 H1H2H3 1493 0.1487
Amini, et.al tried to present a real-time solution using 2 H1H2H3H4 14963 0.1523
unsupervised neural nets like ART and SOM to detect 3 H1H2H3 1494 0.01486
known and unknown attacks in network traffic [7]. Rodes, 4 H1H2H3 20105 0.1942
et.at proposed MSOMS that used unsupervised learning 5 H1H2H3 302515 0.5632
and is best for data analysis collected from network and 6 H1H2 149 0.00211
overflow detection [18]. Therefore, supervised neural 7 H1 30 0.1342
network suffered training overhead while the others are not
efficient in accuracy. In this paper, we have reworked of This is a way for selection of number of hidden layers
our previous work and focused on probing attacks by using and its number of neurons as many other researchers did
different learning parameters, activation functions & in their research. The Input layer takes input from the
layered nature of the proposed system.
input file that contains data for training of the net. The
hidden layers take inputs from the outputs of the input
I. PROPOSED ARCHITECURE
layer and apply its activation function. After this the
The artificial neural network architecture used in our output is sent to the output layer. The output layer allows
approach is feedforward. A feed forward neural net is a neural network to write output patterns in a file that are
composed of a number of consecutive layers/components, used for analysis of attacks [3, 13].
each one connected to the next by a synapse/connection.
The design is a FFNN (feedforward neural network) with II. IMPLEMENTATION
four layers connected with three synapses. Each layer is
composed of a certain number of neurons, each of which We implemented the system in five different phases as
has the same characteristics (transfer function, learning shown in the figure below.
rate, etc). This multiple layered perceptron architecture
consists of one input, two hidden and one output layer. DATASET
The general architecture of the system is shown in the TRAINING/TESTING
figure below.

1 1 1
PREPROCESSING
DATA SET
1

2
DETERMINE THE NN
41 14 9 ARCHITECTURE

Input Hidden Layers Output

Layer Layer
TRAINING THE SYSTEM

Figure 1. General Architecture

The input layer consists of 41 neurons because the

Kddcup99 data set contains 41 fields/characteristics for a
TCP/IP packet to be used for attack detection. The hidden
layers consist of 14 and 9 neurons respectively. The
output layer consists of two neurons that classify normal
packets from abnormal packets. There is no accurate
formula for the selection of hidden layers so we can make
it by comparison and select which one is best [19]. For
choosing optimum set of hidden layers and its number of
neuron a comparison is made for many cases and
TESTING THE SYSTEM
Figure 2. Implementation Phases
A. Dataset for Training and Testing
The efficiency of the NN depends on the training data.
The collecting of data for training is a critical problem.
This can be obtained by three ways as by using real
 2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia

traffic, by using sanitized traffic and by using simulated system for normal and attacked scenario is shown below.
traffic. The first option to obtain training/testing data is
collecting truly real data and attacking an organization.
Although packets would be real, it was intolerable to
attack an organization. In addition to that, privacy of the
users in the organization would be debased as private e-
mails, passwords and user identities would be released. In
order to overcome security and privacy harms of using
real traffic, sanitized traffic was proposed to be used by
removing any sensitive data from the data stream. Then
attack data can be inserted into the sanitized traffic. The
benefit of this approach is that the data can be freely
distributed. However, the below explained problems arise Figure 3. A comprehensive design of IDS for normal scenario
when using this approach. First of all, most of the content
of the background activity may be removed by the
sanitization attempt. Next, it is still possible to release
sensitive data since it is infeasible to verify large amount
of data. The third and the most common way to obtain
data are to create a testbed network and generate
background traffic on this network. In the testbed
environment, background traffic is generated either by
using complex traffic generators modeling actual network
statistics or by using simpler commercial traffic
generators creating small number of packets at a high
rate. Advantage of this approach is that data can be freely
Figure 4. A comprehensive design of IDS for attack scenario
distributed as it does not contain any sensitive
information. Another advantage of this approach is that is
D. Training the System
guaranteed that generated traffic does not contain any In the training phase we have both input patterns and
unknown attacks as the background traffic is created by desired outputs related to each input vector. Aim of the
simulators. However difficulties exist when using this training in MLP networks is minimizing output produced
approach too. Firstly, it‟s very costly and difficult to by the neural network and the desired output. In order to
create a simulation. Next, in order to model various achieve this goal, weights are updated by carrying out
networks, different types of traffic is needed. In order to certain steps known as training. When using a supervised
avoid dealing with difficulties of all three approaches, learning algorithm RPROP, training process is usually
DARPA 1999 Attack Detection Evaluation dataset was terminated when the RMSE is reduced to an acceptable
used for training/testing data [1, 3, 7, 20]. level. There is no standard for the RMSE, but usually the
lower it is, the better the classification rate is. But a too
B. Preprocessing Dataset low RMSE may result in over training of the neural
This section describes how the data set is used for our network. This means that neural network loose
experiment. The data set is preprocessed so that it may be generalization ability, hence it will just detect attacks that
able to give it as an input to our developed system. This are exactly identical to the training data. Another criterion
data set consists of numeric and symbolic features and we for training termination is the number of iterations. When
converted it in numeric form so that it can be given as a certain number of iterations were reached, the training
inputs to our neural network. We replaced symbolic with was stopped, even if the desired RMSE was not reached.
specific numeric, comma with semicolon, normal with 0, We trained the system on preprocessed data using
resilient backpropagation for 1000 epoch. We used full
1 and attack with 1, 0. Now this modified data set is
featured packet of probing attacks from kddcup99 data
ready to be used as training and testing of the neural
set [3, 7]. A sample of training pattern of probing attack
network.
and its normal is shown below.
C. Determining the NN Architecture TABLE 2
There is no certain mathematical approach for A PROBING ATTACK AND ITS NORMAL PATTERN
obtaining the optimum number of hidden layers and their
0;18;25;20;8;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;1;15;0
neurons. For choosing optimum set of hidden layers and
Attack .00;0.00;0.00;0.00;1.00;0.00;1.00;1;147;1.00;0.00;1.
its no. of neuron a comparison is made for many cases 00;0.50;0.00;0.00;0.00;0.00;1;0
and optimum is selected as shown in the table 1. In our 0;18;25;20;8;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;0;1;25;0
experiment 4 layer MLP with two hidden layers is found Normal .00;0.00;0.00;0.00;1.00;0.00;1.00;1;125;1.00;0.00;1.
to be optimum among several cases [21]. The 00;0.50;0.00;0.00;0.00;0.00;1;0
comprehensive structural design of attack detection
 2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia

and 1 then it is normal packet otherwise consider as

We used Resilient Backpropagation algorithm for attack. The system is implemented in JOONE powered by
training of the net because it converges very quickly. It JAVA [26, 27]. The system is tested for different
uses only the sign of the backpropagated gradient to probing attacks and several reports are generated by the
change the biases/weights of the net. Hence it is local simulation.
adaptive learning scheme and has the possibility to escape
from local minima. The basic principle is to eliminate the III. RESULTS AND DISCUSSIONS
harmful influence of the size of partial derivative on the After the training process was completed, testing was
weight step [22, 23, 24, 25]. The training phase consists of conducted basically in two steps. In the first step system
the following steps. was tested against the training dataset, in order to
examine how well neural networks „learned‟ the training
1. The Feedforward of input training pattern dataset after the training process. In the second step of the
2. The calculation and backpropagation of associated error
testing, trained neural networks were tested against a
3. The adjustment of the weights dataset, which is not a part of the training set, in order to
examine generalization performance of the trained
The aim of training means to get good responses to networks. In both testing steps performance of the neural
input that is similar but not identical. networks was evaluated by examining the number of
false positives and false negatives that they generated.
E. Testing the System First we gave packets as input to our system consisting
After the training is completed, the weights of the of IPsweep attacks and some normal packets. So the
neural networks are frozen and performance of the neural
system give 100 % detection rate and with no any false
networks evaluated. Testing the neural networks involves
positive or false negative. It shows 97% detection rate in
two steps, which are verification step and recall (or
case of Nmap with 2% false positive and 1% false
generalization) step. In verification step, neural networks
are tested against the data which are used in training. Aim negative rate. It shows detection rate 98% in Portsweep
of the verification step is to test how well trained neural attacks with 2% false positive rate. In case of Satan
networks learned the training patterns in the training attacks it shows 97% detection rate with 2% of false
dataset. If a neural network was trained successfully, positive rate and 1% as false negative rate. The
outputs produced by the neural network would be similar simulation results are shown in the table below.
to the actual outputs. In recall or generalization step,
TABLE 3
testing is conducted with data which not used in training. ATTACK DETECTION PERFORMANCE
Aim of the generalization step is to measure
generalization ability of the trained network. After
training, the net only involves computation of the Probing False False
Detection Rate
Attack Type Positive Negative
feedforward phase. The structure of the testing net is
shown in the figure. IPsweep 100 % 0% 0%
Nmap 97 % 2% 1%
Portsweep 98 % 2% 0%
Satan 97 % 2% 1%

The graph of simulation results in case of probing

attacks detection is shown the following figure.

Figure 5. A comprehensive design of IDS for testing scenario

It consists of one Input, two hidden and one output

layers. Each layer consists of neurons. A neuron is a
processing element that takes input and gives its output
after applying its activation function. The layers are
interconnected through synapses. The synapse acts as a
transmission medium between the layers of our topology.
The forward and backward propagation is done through
Figure 6. Attack and its Detection Rate
these synapses by forward and backward mechanism. The
output of the net is saved in file that will be used for
attack analysis. If the global error value is nearest to 0
 2009 IEEE Symposium on Industrial Electronics and Applications (ISIEA 2009), October 4-6, 2009, Kuala Lumpur, Malaysia
The system shows 98 % accuracy in term of detection
rate that is promising value in case of attack detection. It
has been noted that the resilient backpropagation shows
best performance as compared to other NN approaches
towards attack detection. The focus of our research was
to increase attack detection rate. Once attack is detected
then there are several available methods to block network
attack. Now we try to compare our approach to other
approaches in case of probing attack detection as shown
in the graph.
Figure 7. Comparison of detection rate among different approaches
of attack detection
It has been noted that our approach shows optimum
results as compared to other approaches in the field of
attack detection.
IV. FUTURE RESEARCH
The resourceful attack detection approach may be
developed that have very low error rate, high learning rate
and quick attack detection by using this approach with
other neural networks in the form of hybrid architecture.
ACKNOWLEDGMENT
The current work is being supported by department of
Software Engineering, College of Computer &
Information Sciences, King Saud University, Saudi
Arabia. Special thanks to Dr. Mohsin Iftikhar for his
valuable suggestions regarding paper‟s presentation.
REFERENCES
[1] CERT the U.S. Patent and Trademark Office http://www.cert.org/
[2] Iftikhar Ahmad, Azween B. Abdullah, Abdullah S. Alghamdi,
“Artificial Neural Network Approaches to Intrusion Detection: A
Review”, in the Book TELECOMMUNICATIONS and
INFORMATICS”, Included in ISI/SCI Web of Science and Web of
Knowledge, Istanbul, Turkey, 2009, pp 200-205.
[3] Iftikhar Ahmad, Sami Ullah Swati, Sajjad Mohsin. “Intrusion
Detection Mechanism by Resilient Back Propagation (RPROP)”
EUROPEAN JOURNAL OF SCIENTIFIC RESEARCH, Volume
17, No. 4 August 2007,pp 523-530.
[4] Erland. Jonsson, Magnus. Almgren, Alfonso, Recent Advances in
Intrusion Detection: 7th International Symposium, RAID 2004,
Sophia Antipolis - Page 102.
[5] Shahbaz Pervez, Iftikhar Ahmad, Adeel Akram, Sami Ullah Swati.”
A Comparative Analysis of Artificial Neural Network Technologies
in Intrusion Detection Systems ” WSEAS TRANSACTION ON
COMPUTERS, Issue 1, Volume 6, January 2007, pp.175-180.
[6] John McHugh, Testing Intrusion detection systems. ACM
Transactions on Information and System Security, 3(4). November,
2000.
[7] Morteza Amini, Rasool Jalili and Hamid Reza Shahriari, “RT-
UNNID: A practical solution to real-time network-based intrusion
detection using unsupervised neural networks”, Computers &
Security Volume 25, Issue 6, Elsevier Inc, September 2006, pp 459-
468.
[8] The 3rd International Knowledge Discovery and Data Mining Tools
Competition, website link accessed 2009,
http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[9] M. Sabhnani and G. Serpen, "Application of Machine Learning
Algorithms to KDD Intrusion Detection Dataset within Misuse
Detection Context", http://www.eecs.utoledo.edu/~serpen/.
[10] Denning, Dorothy. (February, 1987). An Intrusion-Detection Model.
IEEE Transactions on Software Engineering, Vol. SE-13, No. 2.
[11] Uwe Aickelin, Julie Greensmith, Jamie Twycross, “Immune System
Approaches to Intrusion Detection – A Review” Natural Computing,
Springer Netherlands, Volume 6, Number 4 / December, 2007, pp
413-466.
[12] Laurene Fausett, Fundamentals of Neural Networks Architecture,
Algorithm, and Applications, Pearson Education, Inc. 2008, pp. 21-
24.
[13] Iftikhar Ahmad, M.A Ansari, Sajjad Mohsin. “Performance
Comparison between Backpropagation Algorithms Applied to
Intrusion Detection in Computer Network Systems” as a chapter in
the ISI book: RECENT ADVANCES in SYSTEMS,
COMMUNICATIONS & COMPUTERS. 2008.(pp.47-52)
[14] Aikaterini Mitrokotsa, Christos Douligeris, “Detecting Denial of
Service Attacks Using Emergent Self-Organizing Maps”, IEEE
International Symposium on Signal Processing and Information
Technology 2005, pp 375-380.
[15] Stefano Zanero, Sergio M. Savarsi, “Unsupervised learning
techniques for an intrusion detection system” ACM Symposium on
Applied Computing, Cyprus 2004,pp 412-419
[16] L.Prema Rajeswari, A.Kannan, “An inrusion detection System Based
on Multiple Level Hybrid Classifier using Enhanced C045” IEEE-
INTERNATIONAL CONFERENCE on Signal processing,
Communications and Networking madras Institute of Technology,
Anna University chemai india, 2008, pp 75-79
[17] Yao Yu; Yang Wei; Gao Fu-Xiang; Yu Ge, “Anomaly Intrusion
Detection Approach Using Hybrid MLP/CNN Neural Network”,
IEEE Intelligent Systems Design and Applications, 2006. ISDA apos;
06Sixth International Conference on Volume 2, Issue , 16-18 Oct.
2006 pp1095 – 1102.
[18] Rodes, B., Mahaffey,J., & Cannady, J. “Multiple Self Organizing
Maps”. 23rd Security Information System (2000).
[19] Fox, Kevin L., Henning, Rhonda R., and Reed, Jonathan H. (1990).
“A Neural Network Approach Towards Intrusion Detection”. In
Proceedings of the 13th National Computer Security Conference.
[20] Cannady J. Artificial neural networks for misuse detection. National
Information Systems Security Conference; 1998. p. 368–81.
[21] Hui Zhu; Bo Huang; Tanabe, Y.; Baba, T., Innovative Computing
Information and Control, 2008. ICICIC apos; 08. 3rd International
Conference on Volume, Issue, 18-20 June 2008, pp 509 – 509.
[22] JJF Cerqueira, AGB Palhares, MK Madrid , Man and Cybernetics,
2002 IEEE International Conference, 2002.
[23] ELECTRONICS LETTERS 8th January 2004 Vol. 40 No. 1.
[24] L. Jiao et al. (Eds.): ICNC 2006, Part II, LNCS 4222, Springer-
Verlag Berlin Heidelberg 2006, pp 364 – 373.
[25] Souza, B.A.; Brito, N.S.D.; et al, Comparison between
backpropagation and RPROP algorithms applied to fault classification
in transmission lines, S.S.B. Neural Networks, 2004. Proceedings.
2004 IEEE International Joint Conference on Volume 4, Issue, 25-29
July 2004 pp 2913 - 2918.
[26] JAVA. Located at: http://java.sun.com.
[27] JOONE API. Located at: http://www.joone.org