Intrusion Measurement and Detection in LAN Using Protocol-Wise Associative Memory

Abstract

Nowadays, more and more devices are connected to the Internet, with enormous information transmitted on it. Malware spread through a local area network (LAN) can infect lots of internal users. A network intrusion detection system aims to safeguard a network from these malicious attacks. We proposed an efficient and adaptive intrusion measurement and detection approach based on protocol-wise associative memory of Hopfield networks, where the network traffic features related to several protocols including ARP, TCP, and UDP were stored. By evolving the neural network’s energy state, we reconstructed a stored feature pattern from the input of novel network traffic. We evaluated the scheme using the recall and the divergence rate. At last, we achieved an average validation recall score of 0.9591 for detecting various malicious network events.