NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



INTRODUCTIONINTRUSION DETECTION SYSTEMS (IDS)

• Host-based IDS• Network-based IDS• Vulnerability-assessment IDS

COMPONENT OF Of IDS

• An information source that provides a stream of event records• An analysis engine that identifies signs of intrusions• A response component that gene rates reactions based on the outcome of the analysis engine.

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



NEURAL NETWORKS

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



NEURAL NETWORK IDS PROTOTYPES

1. Percetron Model:

A single neuron with adjustable synapses and threshold.

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



2. Backpropagation Model

3. Perceptron-Backpropagation Hybrid Model

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



Neural Network Intrusion Detection Systems

• Computer attack

• Typical characteristics of User

• Computer Viruses

• Malicious Software in Computer Network

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



NEGPAIM MODEL

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



NEURAL ENGINE• Based Anomaly intrusion detection

• Establish profiles of normal user and compare user behaviors to those profiles

• Investigation of total behaviors of the user

Disadvantages

• A statistical assumption is required

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



IMPLEMENTATION

• Uses Multi-layer Pecptron Network

First Stage :

1. Training a set of historical Data

2. Only once for each user

Second Stage:

1. Engine accept input Data

2. Compare with the historical Data

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



IMPLEMENTATION OF ANN

1. Incorporating into Modified or Existing Expert system

• The incoming Data is Filtered by Neural Network for suspicious event

• The False alarm should be reduced

Disadvantages:

• Need for update to recognize the new attack

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



2. Neural Network as Stand alone System

• Data is received from Network Stream and analyzed for misuse

• Indicative of data is forwarded to automated intrusion response system

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



LEVEL OF PROCESSING OF DATA

LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.

LEVEEL 2: Converting the nine element data to a standardized numeric representation.

LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



ADVANTAGES OF ANN BASED MISUSE DETECTION

• Analyzing the Data which is incomplete of distorted

• Speed of neural Network

• A particular event was indicative attack can be known

• To Learn the characteristics of Misuse attack

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



DISADVANTAGES OF ANN BASED MISUSE DETECTION

• Need accurate training of the system

• Black Box nature of the neural network

• The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



CONCLUSION

The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system

NA

TIO

NA

L IN

ST

ITU

TE

OF

SC

IEN

CE

& T

EC

HN

OL

OG

Y



THANK YOU

artificial neural network for misuse detection

Technology

manoj kumar gantayat

technical seminar presentation

computer network

neural network ids prototypes1

network stream

neural networks

system data

analysis engine