Artificial neural network for misuse detection
NATIONAL INSTITUTE OF SCIENCE & TECHNOLOGY
Presented by:Manoj Kumar Gantayat CS:200118258
Technical Seminar Presentation - 2004
by
MANOJ KUMAR GANTAYAT
Roll # CS200117145
Under the Guidance of
MR. S.K. MEHER
ARTIFICIAL NEURAL NETWORK FOR MISUSE DETECTION
INTRODUCTION
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS
• Network-based IDS
• Vulnerability-assessment IDS
COMPONENTS OF IDS
• An information source that provides a stream of event records
• An analysis engine that identifies signs of intrusions
• A response component that generates reactions based on the outcome of the analysis engine
NEURAL NETWORKS
NEURAL NETWORK IDS PROTOTYPES
1. Perceptron Model:
A single neuron with adjustable synapses and threshold.
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
NEGPAIM MODEL
NEURAL ENGINE
• Based on anomaly intrusion detection
• Establish profiles of normal users and compare user behaviors to those profiles
• Investigation of total behaviors of the user
Disadvantages
• A statistical assumption is required
IMPLEMENTATION
• Uses a Multi-layer Perceptron Network
First Stage:
1. Training on a set of historical data
2. Only once for each user
Second Stage:
1. Engine accepts input data
2. Compares it with the historical data
IMPLEMENTATION OF ANN
1. Incorporation into a Modified or Existing Expert System
• The incoming data is filtered by the neural network for suspicious events
• False alarms should be reduced
Disadvantages:
• Needs updates to recognize new attacks
2. Neural Network as a Stand-alone System
• Data is received from the network stream and analyzed for misuse
• Data indicative of misuse is forwarded to an automated intrusion response system
LEVEL OF PROCESSING OF DATA
LEVEL 1: The elements of data are selected from the packet: Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP Type, ICMP Code, Raw data length, Raw.
LEVEL 2: Converting the nine data elements to a standardized numeric representation.
LEVEL 3: Conversion of the resulting data into an ASCII comma-delimited format that can be used by the neural network.
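The three processing levels above, as an added example (not code from the presentation). The packet dictionary layout, the -1 placeholder for fields a protocol does not carry, the integer form of the addresses and the CRC32 reduction of the raw data are assumptions, since the slide does not say how the numeric representation is built.

```python
import csv
import io
import ipaddress
import zlib

# Level 1: the nine elements the slide lists, in the slide's order.
FIELDS = ["protocol_id", "src_port", "dst_port", "src_addr", "dst_addr",
          "icmp_type", "icmp_code", "raw_len", "raw"]

def select_elements(packet):
    """Level 1: pick the nine elements; fields a protocol lacks become None."""
    raw = packet.get("raw", b"")
    row = {name: packet.get(name) for name in FIELDS}
    row["raw_len"], row["raw"] = len(raw), raw
    return row

def to_numeric(row):
    """Level 2: map every element to an integer (the encoding is assumed)."""
    def num(value):
        return -1 if value is None else int(value)   # -1 marks "not applicable"
    return [
        num(row["protocol_id"]),
        num(row["src_port"]),
        num(row["dst_port"]),
        int(ipaddress.IPv4Address(row["src_addr"])),
        int(ipaddress.IPv4Address(row["dst_addr"])),
        num(row["icmp_type"]),
        num(row["icmp_code"]),
        row["raw_len"],
        zlib.crc32(row["raw"]),   # assumed: payload reduced to a CRC32 value
    ]

def to_csv(packets):
    """Level 3: one ASCII comma-delimited line per packet."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for packet in packets:
        writer.writerow(to_numeric(select_elements(packet)))
    return out.getvalue()

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLE = [
    {"protocol_id": 6, "src_port": 40000, "dst_port": 80,
     "src_addr": "192.0.2.10", "dst_addr": "198.51.100.5",
     "raw": b"GET / HTTP/1.0\r\n\r\n"},
    {"protocol_id": 1, "icmp_type": 8, "icmp_code": 0,
     "src_addr": "192.0.2.10", "dst_addr": "198.51.100.5", "raw": b""},
]

if __name__ == "__main__":
    print(to_csv(SAMPLE), end="")
```

Each output line has exactly nine comma-separated integers, so every packet becomes a fixed-width input vector regardless of protocol.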
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Can analyze data that is incomplete or distorted
• Speed of the neural network
• Whether a particular event is indicative of an attack can be known
• Can learn the characteristics of misuse attacks
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Needs accurate training of the system
• Black-box nature of the neural network
• The weights and transfer functions of the various network nodes are frozen after a network has achieved a level of success in the identification of events
CONCLUSION
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system.
THANK YOU