21-04-2012, 10:54 AM
ARTIFICIAL NEURAL NETWORK FOR MISUSE DETECTION
10.1.1.39.5179.pdf (Size: 69.73 KB / Downloads: 46)
Introduction
Because of the increasing dependence which companies and government agencies have on their
computer networks the importance of protecting these systems from attack is critical. A single
intrusion of a computer network can result in the loss or unauthorized utilization or modification
of large amounts of data and cause users to question the reliability of all of the information on the
network. There are numerous methods of responding to a network intrusion, but they all require
the accurate and timely identification of the attack.
This paper presents an analysis of the applicability of neural networks in the identification of
instances of external attacks against a network. The results of tests conducted on a neural
network, which was designed as a proof-of-concept, are also presented. Finally, the areas of
future research that are being conducted in this area are discussed.
Intrusion Detection Systems
Background
The timely and accurate detection of computer and network system intrusions has always been
an elusive goal for system administrators and information security researchers. The individual
creativity of attackers, the wide range of computer hardware and operating systems, and the everchanging
nature of the overall threat to target systems have contributed to the difficulty in
effectively identifying intrusions. While the complexities of host computers already made
intrusion detection a difficult endeavor, the increasing prevalence of distributed network-based
systems and insecure networks such as the Internet has greatly increased the need for intrusion
detection [20].
Neural Networks
An artificial neural network consists of a collection of processing elements that are highly
interconnected and transform a set of inputs to a set of desired outputs. The result of the
transformation is determined by the characteristics of the elements and the weights associated
with the interconnections among them. By modifying the connections between the nodes the
network is able to adapt to the desired outputs [9, 12].
Neural Network Intrusion Detection Systems
A limited amount of research has been conducted on the application of neural networks to
detecting computer intrusions. Artificial neural networks offer the potential to resolve a number
of the problems encountered by the other current approaches to intrusion detection. Artificial
neural networks have been proposed as alternatives to the statistical analysis component of
anomaly detection systems, [5, 6, 10, 23, and 26]. Statistical Analysis involves statistical
comparison of current events to a predetermined set of baseline criteria. The technique is most
often employed in the detection of deviations from typical behavior and determination of the
similarly of events to those which are indicative of an attack [14]. Neural networks were
specifically proposed to identify the typical characteristics of system users and identify statistically
significant variations from the user's established behavior.
Conclusion
Research and development of intrusion detection systems has been ongoing since the early
1980’s and the challenges faced by designers increase as the targeted systems because more
diverse and complex. Misuse detection is a particularly difficult problem because of the extensive
number of vulnerabilities in computer systems and the creativity of the attackers. Neural
networks provide a number of advantages in the detection of these attacks. The early results of
our tests of these technologies show significant promise, and our future work will involve the
refinement of this approach and the development of a full-scale demonstration system.
10.1.1.39.5179.pdf (Size: 69.73 KB / Downloads: 46)
Introduction
Because of the increasing dependence which companies and government agencies have on their
computer networks the importance of protecting these systems from attack is critical. A single
intrusion of a computer network can result in the loss or unauthorized utilization or modification
of large amounts of data and cause users to question the reliability of all of the information on the
network. There are numerous methods of responding to a network intrusion, but they all require
the accurate and timely identification of the attack.
This paper presents an analysis of the applicability of neural networks in the identification of
instances of external attacks against a network. The results of tests conducted on a neural
network, which was designed as a proof-of-concept, are also presented. Finally, the areas of
future research that are being conducted in this area are discussed.
Intrusion Detection Systems
Background
The timely and accurate detection of computer and network system intrusions has always been
an elusive goal for system administrators and information security researchers. The individual
creativity of attackers, the wide range of computer hardware and operating systems, and the everchanging
nature of the overall threat to target systems have contributed to the difficulty in
effectively identifying intrusions. While the complexities of host computers already made
intrusion detection a difficult endeavor, the increasing prevalence of distributed network-based
systems and insecure networks such as the Internet has greatly increased the need for intrusion
detection [20].
Neural Networks
An artificial neural network consists of a collection of processing elements that are highly
interconnected and transform a set of inputs to a set of desired outputs. The result of the
transformation is determined by the characteristics of the elements and the weights associated
with the interconnections among them. By modifying the connections between the nodes the
network is able to adapt to the desired outputs [9, 12].
Neural Network Intrusion Detection Systems
A limited amount of research has been conducted on the application of neural networks to
detecting computer intrusions. Artificial neural networks offer the potential to resolve a number
of the problems encountered by the other current approaches to intrusion detection. Artificial
neural networks have been proposed as alternatives to the statistical analysis component of
anomaly detection systems, [5, 6, 10, 23, and 26]. Statistical Analysis involves statistical
comparison of current events to a predetermined set of baseline criteria. The technique is most
often employed in the detection of deviations from typical behavior and determination of the
similarly of events to those which are indicative of an attack [14]. Neural networks were
specifically proposed to identify the typical characteristics of system users and identify statistically
significant variations from the user's established behavior.
Conclusion
Research and development of intrusion detection systems has been ongoing since the early
1980’s and the challenges faced by designers increase as the targeted systems because more
diverse and complex. Misuse detection is a particularly difficult problem because of the extensive
number of vulnerabilities in computer systems and the creativity of the attackers. Neural
networks provide a number of advantages in the detection of these attacks. The early results of
our tests of these technologies show significant promise, and our future work will involve the
refinement of this approach and the development of a full-scale demonstration system.