
Artificial Neural Networks for Misuse Detection

November 10, 2010  •  Research Paper  •  4,864 Words (20 Pages)


Abstract:

Misuse detection is the process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder. Most current approaches to misuse detection involve the use of rule-based expert systems to identify indications of known attacks. However, these techniques are less successful in identifying attacks which vary from expected patterns. Artificial neural networks provide the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. We present an approach to the process of misuse detection that utilizes the analytical strengths of neural networks, and we provide the results from our preliminary analysis of this approach.

Keywords: Intrusion detection, misuse detection, neural networks, computer security.

1. Introduction

Because companies and government agencies increasingly depend on their computer networks, protecting these systems from attack is critical. A single intrusion of a computer network can result in the loss or unauthorized utilization or modification of large amounts of data and cause users to question the reliability of all of the information on the network. There are numerous methods of responding to a network intrusion, but they all require the accurate and timely identification of the attack.

This paper presents an analysis of the applicability of neural networks in the identification of instances of external attacks against a network. The results of tests conducted on a neural network, which was designed as a proof-of-concept, are also presented. Finally, the areas of future research being pursued in this field are discussed.

1.1 Intrusion Detection Systems

1.1.1 Background

The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. The individual creativity of attackers, the wide range of computer hardware and operating systems, and the ever-changing nature of the overall threat to target systems have contributed to the difficulty in effectively identifying intrusions. While the complexities of host computers already made intrusion detection a difficult endeavor, the increasing prevalence of distributed network-based systems and insecure networks such as the Internet has greatly increased the need for intrusion detection [20].

Intrusion detection technologies fall into two general categories: anomaly detection and misuse detection [1,13]. Anomaly detection identifies activities that vary from established patterns for users or groups of users. It typically involves the creation of knowledge bases that contain the profiles of the monitored activities.

The second general approach to intrusion detection is misuse detection. This technique involves the comparison of a user's activities with the known behaviors of attackers attempting to penetrate a system [17,18]. While anomaly detection typically utilizes threshold monitoring to indicate when a certain established metric has been reached, misuse detection techniques frequently utilize a rule-based approach. When applied to misuse detection, the rules become scenarios for network attacks. The intrusion detection mechanism identifies a potential attack if a user's activities are found to be consistent with the established rules. The use of comprehensive rules is critical in the application of expert systems for intrusion detection.
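
An added illustration, not part of the original paper, of the two approaches described above: a rule-based misuse check that matches each user's activity against an attack scenario, next to a threshold-based anomaly check on a single metric. The audit events, action names, scenario and threshold value are all constructed assumptions.

```python
from collections import defaultdict

# Constructed audit trail of (user, action) pairs; not data from the paper.
AUDIT = [
    ("alice", "login_ok"), ("alice", "read_file"),
    ("mallory", "login_fail"), ("mallory", "login_fail"),
    ("mallory", "login_fail"), ("mallory", "login_ok"),
    ("alice", "write_file"), ("mallory", "read_passwd"),
    ("trent", "login_fail"), ("trent", "login_fail"),
    ("trent", "login_fail"), ("trent", "login_fail"),
    ("eve", "login_fail"), ("eve", "login_ok"), ("eve", "copy_passwd"),
]

# Misuse rules: each scenario is an ordered list of actions (hypothetical names).
SCENARIOS = {"password_file_theft": ["login_fail", "login_ok", "read_passwd"]}

# Anomaly thresholds: metric -> count at which an alert fires (assumed value).
THRESHOLDS = {"login_fail": 3}


def per_user(events):
    """Group actions by user, preserving their order in the audit trail."""
    trails = defaultdict(list)
    for user, action in events:
        trails[user].append(action)
    return trails


def matches(scenario, actions):
    """True if the scenario's steps occur in order (gaps allowed) in actions."""
    remaining = iter(actions)
    return all(step in remaining for step in scenario)


def misuse_alerts(events):
    """Users whose activity is consistent with a known attack scenario."""
    return {(user, name) for user, acts in per_user(events).items()
            for name, scenario in SCENARIOS.items() if matches(scenario, acts)}


def anomaly_alerts(events):
    """Users for whom a monitored metric reached its threshold."""
    return {(user, metric) for user, acts in per_user(events).items()
            for metric, limit in THRESHOLDS.items() if acts.count(metric) >= limit}


if __name__ == "__main__":
    print("misuse :", sorted(misuse_alerts(AUDIT)))
    print("anomaly:", sorted(anomaly_alerts(AUDIT)))
```

The constructed user "eve" performs a variant of the scenario (a different final action) and raises neither alert, which is the weakness of fixed rules that the abstract points to.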

1.1.2 Current Approaches to Intrusion Detection

Most current approaches to the process of detecting intrusions utilize some form of rule-based analysis. Rule-based analysis relies on sets of predefined rules that are provided by an administrator, automatically created by the system, or both. Expert systems are the most common form of rule-based intrusion detection approaches [8, 24]. The early intrusion detection research efforts realized the inefficiency of any approach that required a manual review of a system audit trail. While the information necessary to identify attacks was believed to be present within the voluminous audit data, an effective review of the material required the use of an automated system. The use of expert system techniques in intrusion detection mechanisms was a significant milestone in the development of effective and practical detection-based information security systems [1, 8, 19, 21, 24, 28].

An expert system consists of a set of rules that encode the knowledge of a human "expert". These rules are used by the system to make conclusions about the security-related data from the intrusion detection system. Expert systems permit the incorporation of an extensive amount of human experience into a computer application that then utilizes

...
