artificial neural network for misuse detection
Post on 25-May-2015
1.953 Views
Preview:
TRANSCRIPT
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS• Network-based IDS• Vulnerability-assessment IDS
COMPONENT OF Of IDS
• An information source that provides a stream of event records• An analysis engine that identifies signs of intrusions• A response component that gene rates reactions based on the outcome of the analysis engine.
NEURAL NETWORKS
NEURAL NETWORK IDS PROTOTYPES
1. Percetron Model:
A single neuron with adjustable synapses and threshold.
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
NEGPAIM MODEL
NEURAL ENGINE• Based Anomaly intrusion detection
• Establish profiles of normal user and compare user behaviors to those profiles
• Investigation of total behaviors of the user
Disadvantages
• A statistical assumption is required
IMPLEMENTATION
• Uses Multi-layer Pecptron Network
First Stage :
1. Training a set of historical Data
2. Only once for each user
Second Stage:
1. Engine accept input Data
2. Compare with the historical Data
IMPLEMENTATION OF ANN
1. Incorporating into Modified or Existing Expert system
• The incoming Data is Filtered by Neural Network for suspicious event
• The False alarm should be reduced
Disadvantages:
• Need for update to recognize the new attack
2. Neural Network as Stand alone System
• Data is received from Network Stream and analyzed for misuse
• Indicative of data is forwarded to automated intrusion response system
LEVEL OF PROCESSING OF DATA
LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.
LEVEEL 2: Converting the nine element data to a standardized numeric representation.
LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Analyzing the Data which is incomplete of distorted
• Speed of neural Network
• A particular event was indicative attack can be known
• To Learn the characteristics of Misuse attack
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Need accurate training of the system
• Black Box nature of the neural network
• The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
THANK YOU
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS• Network-based IDS• Vulnerability-assessment IDS
COMPONENT OF Of IDS
• An information source that provides a stream of event records• An analysis engine that identifies signs of intrusions• A response component that gene rates reactions based on the outcome of the analysis engine.
NEURAL NETWORKS
NEURAL NETWORK IDS PROTOTYPES
1. Percetron Model:
A single neuron with adjustable synapses and threshold.
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
NEGPAIM MODEL
NEURAL ENGINE• Based Anomaly intrusion detection
• Establish profiles of normal user and compare user behaviors to those profiles
• Investigation of total behaviors of the user
Disadvantages
• A statistical assumption is required
IMPLEMENTATION
• Uses Multi-layer Pecptron Network
First Stage :
1. Training a set of historical Data
2. Only once for each user
Second Stage:
1. Engine accept input Data
2. Compare with the historical Data
IMPLEMENTATION OF ANN
1. Incorporating into Modified or Existing Expert system
• The incoming Data is Filtered by Neural Network for suspicious event
• The False alarm should be reduced
Disadvantages:
• Need for update to recognize the new attack
2. Neural Network as Stand alone System
• Data is received from Network Stream and analyzed for misuse
• Indicative of data is forwarded to automated intrusion response system
LEVEL OF PROCESSING OF DATA
LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.
LEVEEL 2: Converting the nine element data to a standardized numeric representation.
LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Analyzing the Data which is incomplete of distorted
• Speed of neural Network
• A particular event was indicative attack can be known
• To Learn the characteristics of Misuse attack
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Need accurate training of the system
• Black Box nature of the neural network
• The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
THANK YOU
top related