ANN for misuse detection

[paulson]

Abstract:
The detection of misuse is the process of trying to identify cases of network attacks by
Comparing current activity with the expected actions of an intruder. Most current approaches use of standards-based expert systems to identify Attacks. However, these techniques are less successful in identifying attacks that range from Expected patterns. Artificial neural networks provide the potential to identify and classify Network activity based on limited, incomplete and non-linear data sources. We present a Approach to the misuse detection process that utilizes the analytical Networks and we provide the results of our preliminary analysis of this approach. And Due to the increasing dependence of companies and government agencies on their computer networks, the importance of protecting these systems from attack is critical. A single computer network intrusion can result in the loss or unauthorized use or modification of large amounts of data and cause users to question the reliability of all information on the network

Intrusion detection system
Timely and accurate intrusion detection of computer systems and networks has always been a difficult goal for system administrators and information security researchers. The individual creativity of attackers, the wide range of hardware and operating systems, and the ever-changing nature of the general threat to target systems have contributed to the difficulty of effectively identifying intrusions. While the complexity of host computers has already made intrusion detection a difficult endeavor, the increasing prevalence of systems based on distributed networks and insecure networks such as the Internet has greatly increased the need for intrusion detection.

There are two general categories of attacks that intrusion detection technologies attempt to identify: detection of anomalies and detection of misuse. Anomaly detection identifies activities that vary from established patterns for users or groups of users. The detection of anomalies usually involves the creation of knowledge bases that contain the profiles of supervised activities.

The second general approach to intrusion detection is the detection of misuse. This technique involves the comparison of a user's activities with the known behaviors of attackers attempting to penetrate a system. While anomaly detection typically uses threshold monitoring to indicate when an established metric has been reached, misuse detection techniques often use a rule-based approach.

When applied to misuse detection, rules become scenarios for network attacks. The intrusion detection mechanism identifies a potential attack if a user's activities prove to be consistent with established rules. The use of complete rules is critical in the application of expert systems for the detection of intrusions.

Current approaches to intrusion detection systems
Most current approaches to the intrusion detection process use some kind of rule-based analysis. Rule-based analysis relies on predefined rule sets provided by an administrator, created automatically by the system, or both. Expert systems are the most common form of rule-based intrusion detection approaches. Early intrusion detection research efforts realized the inefficiency of any approach that required a manual overhaul of a system audit trail. Although it was believed that the information necessary to identify the attacks was present in the bulky audit data, an effective review of the material required the use of an automated system.

The use of expert systems techniques in intrusion detection mechanisms was a significant milestone in the development of effective and effective detection-based information security systems.

An expert system consists of a set of rules that encode the knowledge of a human "expert". These rules are used by the system to draw conclusions about data related to the security of the intrusion detection system. Expert systems allow the incorporation of a large amount of human experience into a computer application that then uses that knowledge to identify activities that coincide with the defined characteristics of misuse and attack

Artificial Neural Network (ANN) for misuse detection

The neural network consists of different levels and each level has nodes .. each node ID connected to the top level of all nodes and the number of nodes at each level continues to increase. The neural network is used to detect computer attacks, computer viruses and malicious software on the computer.

Neural motor: is based on the detection of intrusions, which establish the user profile to observe their behavior. But it requires assumptions. For intrusion detection training is necessary for each user once. Then compare current data with historical data. All new data is filtered or checked. It must be regularly updated so that new data can be entered. When the new data is received and if it is doubtful then it is sent to the intrusion response system.

There are different levels of data processing:

- First level, all data elements are collected from the protocol ID, source port, ICMP type and ICMP code as raw data.

- Second, convert them to the numerical representation

- Third, the conversion of the results data into ASCII format that is used by the neural network.

Advantages: good speed, analyze incomplete data distorted.

Disadvantages: require a precise system for training, several network nodes are frozen after reaching the level of success.

Conclusion: these networks have worked successfully and in the future can be used, which may involve refinement for the full scale demonstration of the system

[Binu]

Intrusion Detection Systems

The timely and accurate detection of computer and network system intrusions has always been an elusive goal for system administrators and information security researchers. The individual creativity of attackers, the wide range of computer hardware and operating systems, and the ever changing nature of the overall threat to target systems have contributed to the difficulty in effectively identifying intrusions. While the complexities of host computers already made intrusion detection a difficult endeavor, the increasing prevalence of distributed network-based systems and insecure networks such as the Internet has greatly increased the need for intrusion detection.

Because of the increasing dependence which companies and government agencies have on their computer networks the importance of protecting these systems from attack is critical. A single intrusion of a computer network can result in the loss or unauthorized utilization or modification of large amounts of data and cause users to question the reliability of all of the information on the network. There are numerous methods of responding to a network intrusion, but they all require the accurate and timely identification of the attack.

There are two general categories of attacks which intrusion detection technologies attempt to identify - anomaly detection and misuse detection .Anomaly detection identifies activities that vary from established patterns for users, or groups of users. Anomaly detection typically involves the creation of knowledge bases that contain the profiles of the monitored activities.

The second general approach to intrusion detection is misuse detection. This technique involves the comparison of a user's activities with the known behaviors of attackers attempting to penetrate a system. While anomaly detection typically utilizes threshold monitoring to indicate when a certain established metric has been reached, misuse detection techniques frequently utilize a rule-based approach. When applied to misuse detection, the rules become scenarios for network attacks. The intrusion detection mechanism identifies a potential attack if a user's activities are found to be consistent with the established rules. The use of comprehensive rules is critical in the application of expert systems for intrusion detection.

Current approaches to intrusion detection systems

Most current approaches to the process of detecting intrusions utilize some form of rule-based analysis. Rule-Based analysis relies on sets of predefined rules that are provided by an administrator, automatically created by the system, or both. Expert systems are the most common form of rule-based intrusion detection approaches. The early intrusion detection research efforts realized the inefficiency of any approach that required a manual review of a system audit trail. While the information necessary to identify attacks was believed to be present within the voluminous audit data, an effective review of the material required the use of an automated system.

The use of expert system techniques in intrusion detection mechanisms was a significant milestone in the development of effective and practical detection-based information security systems.

An expert system consists of a set of rules that encode the knowledge of a human "expert". These rules are used by the system to make conclusions about the security-related data from the intrusion detection system. Expert systems permit the incorporation of an extensive amount of human experience into a computer application that then utilizes that knowledge to identify activities that match the defined characteristics of misuse and attack.

[ansal]

Misuse detection is the process of attempting to identify instances of network attacks by comparing current activity against the expected actions of an intruder. Most current approaches to misuse detection involve the use of rule-based expert systems to identify indications of known attacks. However, these techniques are less successful in identifying attacks which vary from expected patterns. Artificial neural networks provide the potential to identify and classify network activity based on limited, incomplete, and nonlinear data sources. This paper presents an analysis of the applicability of neural networks in the identification of instances of external attacks against a network. Research and development of intrusion detection systems has been ongoing since the early 1980 s and the challenges faced by designers increase as the targeted systems because more diverse and complex. Misuse detection is a particularly difficult problem because of the extensive number of vulnerabilities in computer systems and the creativity of the attackers. Neural networks provide a number of advantages in the detection of these attacks. The early results of our tests of these technologies show significant promise, and our future work will involve the refinement of this approach and the development of a full-scale demonstration system.

[jadoogar]

plss send me full seminar report on ANN for misuse detection as soon as possible plss.. i have seminar on monday i.e. on 13

sept 2010.. so kindly send me full seminar report before saturday.. plss..

[nikhil kumar]

plss send me full seminar report on ANN for misuse detection as soon as possible plss.. i have seminar on monday i.e. on 13 sept 2010.. so kindly send me full seminar report before saturday.. plss..

[suravi]

I want seminar report on ANN for misuse detection with table of contents and list of figures

[mounica]

please send me the complete report as well as the code that is used.