Artificial Neural Networks for Misuse Detection

Misuse detection is the process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder. Most current approaches to misuse detection involve the use of rule-based expert systems to identify indications of known attacks. However, these techniques are less successful in identifying attacks which vary from expected patterns. Artificial neural networks provide the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. We present an approach to the process of misuse detection that utilizes the analytical strengths of neural networks, and we provide the results from our preliminary analysis of this approach.
