DocumentCode :
2882006
Title :
Building a true anomaly detector for intrusion detection
Author :
Lee, Susan C. ; Heinbuch, David V.
Author_Institution :
Appl. Phys. Lab., Johns Hopkins Univ., Laurel, MD, USA
Volume :
2
fYear :
2000
fDate :
2000
Firstpage :
1171
Abstract :
While many commercial intrusion detection systems (IDS) are deployed, the protection they afford is modest. At the state of the art, IDS produce voluminous alerts, most of them false alarms, and function mainly by recognizing the signatures of known attacks, so that novel attacks slip past them. Attempts have been made to create systems that recognize the signature of "normal", in the hope that they will then detect attacks, known or novel. These systems are often confounded by the extreme variability of nominal behavior. This paper describes an experiment with an IDS composed of a hierarchy of neural networks (NN) that functions as a true anomaly detector. This result is achieved by monitoring selected areas of network behavior, such as protocols, that are predictable in advance. While this does not cover the entire attack space, a considerable number of attacks are carried out by violating the expectations of the protocol/operating system designer. Within this focus, the NNs are trained using data that spans the entire normal space. These detectors are able to recognize attacks that were not specifically presented during training. We show that using small detectors in a hierarchy gives a better result than a single large detector. Some techniques can be used not only to detect anomalies, but to distinguish among them.
Keywords :
backpropagation; neural nets; safety systems; security of data; signal detection; telecommunication security; transport protocols; ANN; IDS; TCP; anomaly detector; attack signatures recognition; backpropagation neural networks; false alarms; intrusion detection; network behavior monitoring; operating system; protocols; Detectors; Intrusion detection; Laboratories; Monitoring; Network servers; Neural networks; Physics; Protection; Protocols; Statistics;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
MILCOM 2000. 21st Century Military Communications Conference Proceedings
Conference_Location :
Los Angeles, CA
Print_ISBN :
0-7803-6521-6
Type :
conf
DOI :
10.1109/MILCOM.2000.904111
Filename :
904111