With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. Methods of intrusion detection based on hand-coded rule sets or predicting commands on-line are laborous to build or not very reliable. This paper proposes a new way of applying neural networks to detect intrusions. We believe that a user leaves a 'print' when using the system; a neural network can be used to learn this print and identify each user much like detectives use thumbprints to place people at crime scenes. If a user's behavior does not match his/her print, the system administrator can be alerted of a possible security breech. A backpropagation neural network called NNID (Neural Network Intrusion Detector) was trained in the identification task and tested experimentally on a system of 10 users. The system was 96% accurate in detecting unusual activity, with 7% false alarm rate. These results suggest that learning user profiles is an effective way for detecting intrusions.
[1]
Todd L. Heberlein,et al.
Network intrusion detection
,
1994,
IEEE Network.
[2]
Hervé Debar,et al.
A neural network component for an intrusion detection system
,
1992,
Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.
[3]
H. S. Teng,et al.
Adaptive real-time anomaly detection using inductively generated sequential patterns
,
1990,
Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.
[4]
Richard A. Kemmerer,et al.
State Transition Analysis: A Rule-Based Intrusion Detection Approach
,
1995,
IEEE Trans. Software Eng..
[5]
Dorothy E. Denning,et al.
An Intrusion-Detection Model
,
1986,
1986 IEEE Symposium on Security and Privacy.
[6]
Harold Joseph Highland,et al.
The 17th NSCS abstructArtificial Intelligence and Intrusion Detection: Current and Future Directions : Jeremy Frank, University of California, Davis, CA
,
1995
.