Computer security can be divided into two distinct areas: preventive security and the detection of security violations. Of the two, prevention has received a greater degree of research and emphasis, while detection has been relatively overlooked. This is a costly oversight, as preventive measures are never infallible. To date, the detection of intruder violations on computer systems is a field heavily dominated by expert systems. However, the major drawbacks attributed to these systems, including their heavy demand on system resources and their poor handling of the dynamic nature of user behaviour, have made their use infeasible. In practice, the effectiveness of intruder detection is heavily reliant upon the skills of the presiding system administrators and their knowledge of the behaviour of their users. The present study approaches the problem from a pattern recognition point of view, where a neural network is used to capture user behaviour patterns. It proposes that neural networks are not only capable of outperforming their heavier expert system counterparts but in many ways better suit the demands and dynamic nature of the problem. By exploiting the strengths of neural networks in recognition, classification and generalisation, this research illustrates the effectiveness of the neural network contribution to the application of intruder detection.