A neural network component for an intrusion detection system

Debar, Hervé; Becker, Marco; Siboni, D.

doi:10.1109/risp.1992.213257

Cited by 300 publications

(156 citation statements)

References 4 publications

Supporting

Mentioning

145

Contrasting

Unclassified

Order By: Relevance

“…The area of intrusion detection has seen synthesis of concepts and techniques from a variety of disciplines, including expert systems [1,17], artificial neural networks [6], data mining [14], and static analysis [22]. A diverse collection of tools based on these various approaches have been deployed and tested [2,7].…”

Section: Background and Motivationmentioning

confidence: 99%

“…Other approaches in this category include that of time-based inductive generalization [21], artificial neural networks [6], and data-mining [14]. In time-based inductive generalization, the system behavior is modeled as a set of rules that are dynamically modified during the learning phase depending on how the predictions of the rules match with the observed system behavior.…”

Section: Background and Motivationmentioning

confidence: 99%

“…There are two main approaches to intrusion detection: signature-based [10,12] and anomaly-based [1,6,14]. In the signature-based approach, system behavior is observed for known patterns of attacks, while in the anomaly-based approach an alarm is raised if an observed behavior deviates significantly from pre-learned normal behavior.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Temporal Logic Based Framework for Intrusion Detection

Naldurg

Sen

Thati

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a framework for intrusion detection that is based on runtime monitoring of temporal logic specifications. We specify intrusion patterns as formulas in an expressively rich and efficiently monitorable logic called Eagle. Eagle supports data-values and parameterized recursive equations, and allows us to succinctly express security attacks with complex temporal event patterns, as well as attacks whose signatures are inherently statistical in nature. We use an online monitoring algorithm that matches specifications of the absence of an attack, with system execution traces, and raises an alarm whenever the specification is violated. We present our implementation of this approach in a prototype tool, called Monid and report our results obtained by applying it to detect a variety of security attacks in log-files provided by DARPA.

show abstract

Section: Background and Motivationmentioning

confidence: 99%

Section: Background and Motivationmentioning

confidence: 99%

See 1 more Smart Citation

A Temporal Logic Based Framework for Intrusion Detection

Naldurg

Sen

Thati

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Several attempts have been made to apply Neural Architectures (such as SelfOrganising Maps [5], [6] Multilayer Perceptron [7], Radial Basis Function Networks [8]) to the field of network security [9], [10]. Most of them have focused on a classificatory approach to the intrusion detection task.…”

Section: Unsupervised Neural Projection Modelsmentioning

confidence: 99%

A Comparison of Neural Projection Techniques Applied to Intrusion Detection Systems

Herrero

Corchado

Gastaldo

et al.

Computational and Ambient Intelligence

View full text Add to dashboard Cite

Abstract. This paper reviews one nonlinear and two linear projection architectures, in the context of a comparative study, which are used as either alternative or complementary tools in the identification and analysis of anomalous situations by Intrusion Detection Systems (IDSs). Three neural projection models are empirically compared, using real traffic data sets in an IDS framework. The specific multivariate data analysis techniques that drive these models are able to identify different factors or components by studying higher order statistics -variance and kurtosis -in order to display the most interesting projections or dimensions. Our research describes how a network manager is able to diagnose anomalous behaviour in data traffic through visual projection of network traffic. We also emphasize the importance of the timedependent variable in the application of these projection methods.

show abstract

“…A good example is intrusion detection, which has been used to protect computer systems as a first line of defense. Next generation Intrusion Detection Expert Systems (NIDES) represents an IDS based on statistics that measures the similarity between a subject's long term and short term behaviours [8]. In [9] S.Chebrolu applied Bayesian Networks (BN) and Classification and Regression Trees (CART) approaches in fixed networks to model Intrusion Detection Systems (IDS) with high accuracies of detecting certain intrusions.…”

Section: Introductionmentioning

confidence: 99%

A Sliding Window Based Management Traffic Clustering Algorithm for 802.11 WLAN Intrusion Detection

Zhou

Marshall

IFIP International Federation for Information Processing

View full text Add to dashboard Cite

Abstract. This paper introduces a novel Management Traffic Clustering Algorithm (MTCA) based on a sliding window methodology for intrusion detection in 802.11 networks Active attacks and other network events such as scanning, joining and leaving in 802.11 WLANs can be observed by clustering the management frames in the MAC Layer. The new algorithm is based on a sliding window and measures the similarity of management frames within a certain period by calculating their variance. Through filtering out certain management frames, clusters are recognized from the discrete distribution of the variance of the management traffic load. Two parameters determine the accuracy and robustness of the algorithm: the Sample Interval and the Window Size of the sliding window. Extensive tests and comparisons between different sets of Sample Intervals and Window Sizes have been carried out. From analysis of the results, recommendations on what are the most appropriate values for these two parameters in various scenarios are presented.

show abstract

A neural network component for an intrusion detection system

Cited by 300 publications

References 4 publications

A Temporal Logic Based Framework for Intrusion Detection

A Temporal Logic Based Framework for Intrusion Detection

A Comparison of Neural Projection Techniques Applied to Intrusion Detection Systems

A Sliding Window Based Management Traffic Clustering Algorithm for 802.11 WLAN Intrusion Detection

Contact Info

Product

Resources

About