Agric. Econ. - Czech, 2004, 50(1):35-40 | DOI: 10.17221/5164-AGRICECON
Neural networks in intrusion detection systems
- Czech University of Agriculture, Prague, Czech Republic
Security is a very important property of an information system, especially today, when computers are interconnected via the internet. Because no system can be absolutely secure, timely and accurate detection of intrusions is necessary. Intrusion Detection Systems (IDS) were designed for this purpose. There are two basic models of IDS: misuse IDS and anomaly IDS. Misuse systems detect intrusions by looking for activity that corresponds to known signatures of intrusions or vulnerabilities. Anomaly systems detect intrusions by searching for abnormal system activity. Most commercial IDS tools are misuse systems with a rule-based expert system structure. However, these techniques are less successful when attack characteristics vary from the built-in signatures. Artificial neural networks offer the potential to resolve these problems. Anomaly systems are very difficult to build, because it is difficult to define the normal and abnormal behaviour of a system. Neural networks can also be used for building anomaly systems, because they can learn from examples to discriminate between the normal and abnormal behaviour of a system. Therefore, they offer a promising technique for building anomaly systems. This paper presents an overview of the applicability of neural networks in building intrusion detection systems and discusses the advantages and drawbacks of neural network technology.
Keywords: Intrusion Detection System (IDS), misuse IDS, anomaly IDS, Kohonen's self-organizing maps, backpropagation neural networks
Published: January 31, 2004
This is an open access article distributed under the terms of the Creative Commons Attribution-NonCommercial 4.0 International (CC BY NC 4.0), which permits non-commercial use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.