Intrusion detection through artificial neural networks

The main problem with rule-based intrusion detection systems is the update discrepancy in their knowledge base, in relation the continuous differentiated forms of intrusion. Those IDSs basically work based on the misuse detection method, which monitors network and computers for known attack patterns. This article shows the build of a prototype for a network intrusion detection system, that uses an artificial neural network as a detection mechanism. In the network training and learning phases, which are an adaptive process, the knowledge base of IDS Snort was applied. The built IDSs allow the detection of an acceptable proportion of variants of intrusion, beyond the already known intrusion forms. This last characteristic presents expressive advantages comparing to intrusion detection systems purely based on rules, because it dismisses the use of an extensive knowledge base and solves the false negative and false positive problems, through the fine adjustment of weights, given by the variation of the acceptation rate in the network output, when the network is trained.