Artificial Neural Network for Misuse Detection


Upload: likan-patra

Post on 25-May-2015


Page 1: Artificial neural network for misuse detection

INTRUSION DETECTION SYSTEMS (IDS)

• Host-based IDS

• Network-based IDS

• Vulnerability-assessment IDS

COMPONENTS OF AN IDS

• An information source that provides a stream of event records

• An analysis engine that identifies signs of intrusions

• A response component that generates reactions based on the outcome of the analysis engine


NEURAL NETWORKS


NEURAL NETWORK IDS PROTOTYPES

1. Perceptron Model:

A single neuron with adjustable synapses and threshold.


2. Backpropagation Model

3. Perceptron-Backpropagation Hybrid Model


Neural Network Intrusion Detection Systems

• Computer attack

• Typical characteristics of User

• Computer Viruses

• Malicious Software in Computer Network


NEGPAIM MODEL


NEURAL ENGINE

• Based on anomaly intrusion detection

• Establishes profiles of normal users and compares user behaviors to those profiles

• Investigation of total behaviors of the user

Disadvantages

• A statistical assumption is required


IMPLEMENTATION

• Uses a Multi-layer Perceptron Network

First Stage:

1. Training on a set of historical data

2. Only once for each user

Second Stage:

1. Engine accepts input data

2. Compares it with the historical data


IMPLEMENTATION OF ANN

1. Incorporating into a modified or existing expert system

• The incoming data is filtered by the neural network for suspicious events

• False alarms should be reduced

Disadvantages:

• Needs updates to recognize new attacks


2. Neural network as a standalone system

• Data is received from the network stream and analyzed for misuse

• Data indicative of misuse is forwarded to an automated intrusion response system


LEVELS OF PROCESSING OF DATA

LEVEL 1: The data elements selected from each packet are Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.

LEVEL 2: The nine data elements are converted to a standardized numeric representation.

LEVEL 3: The resulting data is converted into an ASCII comma-delimited format that can be used by the neural network.
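The three levels above, sketched as an added example (not code from the original slides). The slides do not say how values are standardized, so the scaling to [0, 1], the CRC32 digest used for the ninth element (listed only as "Raw", assumed here to be the payload bytes), and the packet dictionary keys are all assumptions.

```python
import ipaddress
import zlib

def _scale(value, maximum, name):
    """Map an integer in [0, maximum] onto [0.0, 1.0]; reject anything else."""
    if not isinstance(value, int) or not 0 <= value <= maximum:
        raise ValueError(f"{name} out of range: {value!r}")
    return value / maximum

def select(packet):
    """Level 1: pick the nine elements; absent port/ICMP fields become 0."""
    raw = packet.get("raw", b"")  # assumed meaning of the slide's "Raw"
    return {"proto": packet["proto"], "sport": packet.get("sport", 0),
            "dport": packet.get("dport", 0), "src": packet["src"],
            "dst": packet["dst"], "icmp_type": packet.get("icmp_type", 0),
            "icmp_code": packet.get("icmp_code", 0),
            "raw_len": len(raw), "raw": raw}

def standardize(rec):
    """Level 2: nine floats in [0, 1] (the scaling scheme is an assumption)."""
    addr = lambda a: int(ipaddress.IPv4Address(a))  # raises on a bad address
    return [
        _scale(rec["proto"], 0xFF, "proto"),
        _scale(rec["sport"], 0xFFFF, "sport"),
        _scale(rec["dport"], 0xFFFF, "dport"),
        _scale(addr(rec["src"]), 0xFFFFFFFF, "src"),
        _scale(addr(rec["dst"]), 0xFFFFFFFF, "dst"),
        _scale(rec["icmp_type"], 0xFF, "icmp_type"),
        _scale(rec["icmp_code"], 0xFF, "icmp_code"),
        _scale(rec["raw_len"], 0xFFFF, "raw_len"),
        _scale(zlib.crc32(rec["raw"]), 0xFFFFFFFF, "raw"),  # payload digest
    ]

def to_csv_line(packet):
    """Level 3: ASCII comma-delimited record for the network's input layer."""
    return ",".join(f"{v:.6f}" for v in standardize(select(packet)))

# Constructed sample packets (not from the original slides).
SAMPLES = [
    {"proto": 6, "sport": 49152, "dport": 80, "src": "192.0.2.10",
     "dst": "198.51.100.5", "raw": b"GET / HTTP/1.0\r\n\r\n"},
    {"proto": 1, "src": "192.0.2.10", "dst": "198.51.100.5",
     "icmp_type": 8, "icmp_code": 0, "raw": b"\x00" * 32},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(to_csv_line(p))
```

Rejecting out-of-range fields at Level 2 keeps malformed capture records out of the training set, where they would otherwise be learned as if they were valid traffic.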


ADVANTAGES OF ANN BASED MISUSE DETECTION

• Can analyze data that is incomplete or distorted

• Speed of the neural network

• Whether a particular event is indicative of an attack can be known

• Can learn the characteristics of misuse attacks


DISADVANTAGES OF ANN BASED MISUSE DETECTION

• Needs accurate training of the system

• Black-box nature of the neural network

• The weights and transfer functions of the various network nodes are frozen after the network has achieved a level of success in identifying events


The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system.


THANK YOU
