Artificial neural network for misuse detection

2,903 views

Published on

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,903
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
123
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Artificial neural network for misuse detection

  1. 2. INTRUSION DETECTION SYSTEMS (IDS) • Host-based IDS • Network-based IDS • Vulnerability-assessment IDS COMPONENT OF Of IDS • An information source that provides a stream of event records • An analysis engine that identifies signs of intrusions • A response component that gene rates reactions based on the outcome of the analysis engine.
  2. 3. NEURAL NETWORKS
  3. 4. NEURAL NETWORK IDS PROTOTYPES 1. Percetron Model: A single neuron with adjustable synapses and threshold.
  4. 5. 2 . Backpropagation Model 3. Perceptron-Backpropagation Hybrid Model
  5. 6. Neural Network Intrusion Detection Systems • Computer attack • Typical characteristics of User • Computer Viruses • Malicious Software in Computer Network
  6. 7. NEGPAIM MODEL
  7. 8. NEURAL ENGINE • Based Anomaly intrusion detection • Establish profiles of normal user and compare user behaviors to those profiles • Investigation of total behaviors of the user Disadvantages • A statistical assumption is required
  8. 9. IMPLEMENTATION • Uses Multi-layer Pecptron Network First Stage : 1. Training a set of historical Data 2. Only once for each user Second Stage: 1. Engine accept input Data 2. Compare with the historical Data
  9. 10. IMPLEMENTATION OF ANN 1. Incorporating into Modified or Existing Expert system • The incoming Data is Filtered by Neural Network for suspicious event • The False alarm should be reduced Disadvantages: • Need for update to recognize the new attack
  10. 11. 2. Neural Network as Stand alone System • Data is received from Network Stream and analyzed for misuse • Indicative of data is forwarded to automated intrusion response system
  11. 12. LEVEL OF PROCESSING OF DATA LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw. LEVEEL 2: Converting the nine element data to a standardized numeric representation. LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
  12. 13. ADVANTAGES OF ANN BASED MISUSE DETECTION • Analyzing the Data which is incomplete of distorted • Speed of neural Network • A particular event was indicative attack can be known • To Learn the characteristics of Misuse attack
  13. 14. DISADVANTAGES OF ANN BASED MISUSE DETECTION • Need accurate training of the system • Black Box nature of the neural network • The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
  14. 15. The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
  15. 16. THANK YOU
  16. 18. INTRUSION DETECTION SYSTEMS (IDS) • Host-based IDS • Network-based IDS • Vulnerability-assessment IDS COMPONENT OF Of IDS • An information source that provides a stream of event records • An analysis engine that identifies signs of intrusions • A response component that gene rates reactions based on the outcome of the analysis engine.
  17. 19. NEURAL NETWORKS
  18. 20. NEURAL NETWORK IDS PROTOTYPES 1. Percetron Model: A single neuron with adjustable synapses and threshold.
  19. 21. 2 . Backpropagation Model 3. Perceptron-Backpropagation Hybrid Model
  20. 22. Neural Network Intrusion Detection Systems • Computer attack • Typical characteristics of User • Computer Viruses • Malicious Software in Computer Network
  21. 23. NEGPAIM MODEL
  22. 24. NEURAL ENGINE • Based Anomaly intrusion detection • Establish profiles of normal user and compare user behaviors to those profiles • Investigation of total behaviors of the user Disadvantages • A statistical assumption is required
  23. 25. IMPLEMENTATION • Uses Multi-layer Pecptron Network First Stage : 1. Training a set of historical Data 2. Only once for each user Second Stage: 1. Engine accept input Data 2. Compare with the historical Data
  24. 26. IMPLEMENTATION OF ANN 1. Incorporating into Modified or Existing Expert system • The incoming Data is Filtered by Neural Network for suspicious event • The False alarm should be reduced Disadvantages: • Need for update to recognize the new attack
  25. 27. 2. Neural Network as Stand alone System • Data is received from Network Stream and analyzed for misuse • Indicative of data is forwarded to automated intrusion response system
  26. 28. LEVEL OF PROCESSING OF DATA LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw. LEVEEL 2: Converting the nine element data to a standardized numeric representation. LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
  27. 29. ADVANTAGES OF ANN BASED MISUSE DETECTION • Analyzing the Data which is incomplete of distorted • Speed of neural Network • A particular event was indicative attack can be known • To Learn the characteristics of Misuse attack
  28. 30. DISADVANTAGES OF ANN BASED MISUSE DETECTION • Need accurate training of the system • Black Box nature of the neural network • The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
  29. 31. The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
  30. 32. THANK YOU

×