Artificial neural network model & hidden layers in multilayer artificial neural networks
Artificial neural network for misuse detection
-
Upload
likan-patra -
Category
Technology
-
view
1.951 -
download
5
Transcript of Artificial neural network for misuse detection
![Page 1: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/1.jpg)
![Page 2: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/2.jpg)
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS• Network-based IDS• Vulnerability-assessment IDS
COMPONENT OF Of IDS
• An information source that provides a stream of event records• An analysis engine that identifies signs of intrusions• A response component that gene rates reactions based on the outcome of the analysis engine.
![Page 3: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/3.jpg)
NEURAL NETWORKS
![Page 4: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/4.jpg)
NEURAL NETWORK IDS PROTOTYPES
1. Percetron Model:
A single neuron with adjustable synapses and threshold.
![Page 5: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/5.jpg)
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
![Page 6: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/6.jpg)
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
![Page 7: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/7.jpg)
NEGPAIM MODEL
![Page 8: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/8.jpg)
NEURAL ENGINE• Based Anomaly intrusion detection
• Establish profiles of normal user and compare user behaviors to those profiles
• Investigation of total behaviors of the user
Disadvantages
• A statistical assumption is required
![Page 9: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/9.jpg)
IMPLEMENTATION
• Uses Multi-layer Pecptron Network
First Stage :
1. Training a set of historical Data
2. Only once for each user
Second Stage:
1. Engine accept input Data
2. Compare with the historical Data
![Page 10: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/10.jpg)
IMPLEMENTATION OF ANN
1. Incorporating into Modified or Existing Expert system
• The incoming Data is Filtered by Neural Network for suspicious event
• The False alarm should be reduced
Disadvantages:
• Need for update to recognize the new attack
![Page 11: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/11.jpg)
2. Neural Network as Stand alone System
• Data is received from Network Stream and analyzed for misuse
• Indicative of data is forwarded to automated intrusion response system
![Page 12: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/12.jpg)
LEVEL OF PROCESSING OF DATA
LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.
LEVEEL 2: Converting the nine element data to a standardized numeric representation.
LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
![Page 13: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/13.jpg)
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Analyzing the Data which is incomplete of distorted
• Speed of neural Network
• A particular event was indicative attack can be known
• To Learn the characteristics of Misuse attack
![Page 14: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/14.jpg)
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Need accurate training of the system
• Black Box nature of the neural network
• The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
![Page 15: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/15.jpg)
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
![Page 16: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/16.jpg)
THANK YOU
![Page 17: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/17.jpg)
![Page 18: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/18.jpg)
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS• Network-based IDS• Vulnerability-assessment IDS
COMPONENT OF Of IDS
• An information source that provides a stream of event records• An analysis engine that identifies signs of intrusions• A response component that gene rates reactions based on the outcome of the analysis engine.
![Page 19: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/19.jpg)
NEURAL NETWORKS
![Page 20: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/20.jpg)
NEURAL NETWORK IDS PROTOTYPES
1. Percetron Model:
A single neuron with adjustable synapses and threshold.
![Page 21: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/21.jpg)
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
![Page 22: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/22.jpg)
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
![Page 23: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/23.jpg)
NEGPAIM MODEL
![Page 24: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/24.jpg)
NEURAL ENGINE• Based Anomaly intrusion detection
• Establish profiles of normal user and compare user behaviors to those profiles
• Investigation of total behaviors of the user
Disadvantages
• A statistical assumption is required
![Page 25: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/25.jpg)
IMPLEMENTATION
• Uses Multi-layer Pecptron Network
First Stage :
1. Training a set of historical Data
2. Only once for each user
Second Stage:
1. Engine accept input Data
2. Compare with the historical Data
![Page 26: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/26.jpg)
IMPLEMENTATION OF ANN
1. Incorporating into Modified or Existing Expert system
• The incoming Data is Filtered by Neural Network for suspicious event
• The False alarm should be reduced
Disadvantages:
• Need for update to recognize the new attack
![Page 27: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/27.jpg)
2. Neural Network as Stand alone System
• Data is received from Network Stream and analyzed for misuse
• Indicative of data is forwarded to automated intrusion response system
![Page 28: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/28.jpg)
LEVEL OF PROCESSING OF DATA
LEVEL 1: The element of data is selected from packet as Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.
LEVEEL 2: Converting the nine element data to a standardized numeric representation.
LEVEL 3: Conversion of result data into ASCII coma delimited format that could be used by Neural Network.
![Page 29: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/29.jpg)
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Analyzing the Data which is incomplete of distorted
• Speed of neural Network
• A particular event was indicative attack can be known
• To Learn the characteristics of Misuse attack
![Page 30: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/30.jpg)
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Need accurate training of the system
• Black Box nature of the neural network
• The weight and transfer function of various network nodes are Frozen after a network has achieved a level of success in identification of event
![Page 31: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/31.jpg)
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system
![Page 32: Artificial neural network for misuse detection](https://reader034.fdocuments.us/reader034/viewer/2022052204/5562555ad8b42a1b4b8b50d2/html5/thumbnails/32.jpg)
THANK YOU