
IDS: Re: Neural Network IDS research




Archive: http://msgs.securepoint.com/ids
FAQ IDS: http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm
FAQ NIDS: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
-----------------------------------------------------------------------------
Oops : )

Try going here:
http://www.ieee.org/organizations/pubs/pub_preview/nn_toc.html

or to the National Science Foundation and in its Search NSF type "neural
networks".  I found some other leads also here and there that should be able
to help.



I also found this person that may be able to help:

Darrell Duane, Jr.

dduane@duane.com

http://www.duane.com/~dduane

12312 Sleepy Lake Court

Fairfax, VA 22033-2837

(703) 385 2608




OBJECTIVE: To utilize Artificial Intelligence/Statistical techniques for
data analysis and model development.




EDUCATION: Master of Science, Electrical Engineering, George Mason
University, January 1997.

Thesis Topic: Using Genetic Algorithms to evolve Neural Networks for Pattern
Recognition.


Also, I found this:

"SRI did in fact do some neural network experiments,
and if you contact Debra Anderson at debra@csl.sri.com
you can find out if the code is available."



And this:

      Reference
     http://www1.acm.org/crossroads/xrds2-4/intrus.html
      Discussion
     This introduction to ID covers the basic issues, describing the need
and the major approaches that have been used or are being researched. In
this way Sundaram reviews anomaly and misuse detection and methods. Under
the anomaly category, he reviews training the system through statistical
approaches, predictive patterns, and neural networks. Under the misuse
category he identifies: rule matching through expert systems; keystroke
monitoring, where particular keystroke combinations may be indicative of an
intrusion attempt; model-based ID; and state transition analysis, where the
temporal sequence of an attempted intrusion is taken into account. He ends
by stating that "intrusion detection is still a fledgling field of
research."





And this:
      Reference
     ftp://ftp.info.fundp.ac.be/pub/users/amo/thesis.ps.Z
      Discussion
     This dissertation describes a rule-based language called RUSSEL.
However, Chapter 2 provides a good review of related work in intrusion
detection. Mounji discusses, and provides examples of, tools that employ
either the anomaly or misuse approach, and methods that support these
approaches. Thus he identifies neural networks, predictive pattern
recognition and data clustering as examples of techniques supporting anomaly
detection. Within the misuse category he identifies rule-based expert
systems, state transition, and colored Petri nets as possible approaches. He
also identifies benefits and drawbacks of the anomaly approach. Within the
misuse category, he only discusses benefits and drawbacks of STAT, a tool
that uses a state-transition approach to misuse detection. He concludes the
section with a discussion of the current problems of ID systems.



And this:

A Distributed Autonomous-Agent Network-Intrusion Detection and Response
System

Joseph Barrus
Enable Incorporated
11440 W. Bernardo Ct., Suite 290
San Diego, CA 92127
jbarrus@enableinc.com
Neil C. Rowe
Code CS/Rp
Naval Postgraduate School
Monterey, CA 93943





Abstract
We propose a distributed architecture with autonomous agents to monitor
security-related activity within a network. Each agent operates
cooperatively yet independently of the others, providing for efficiency,
real-time response and distribution of resources. This architecture provides
significant advantages in scalability, flexibility, extensibility, fault
tolerance, and resistance to compromise.

We also propose a scheme of escalating levels of alertness, and a way to
notify other agents on other computers in a network of attacks so they can
take preemptive or reactive measures. We designed a neural network to
measure and determine alert threshold values. A communication protocol is
proposed to relay these alerts throughout the network. We illustrate our
design with a detailed scenario.



And this:

Artificial Neural Networks for Misuse Detection

James Cannady
School of Computer and Information Sciences
Nova Southeastern University
Fort Lauderdale, FL 33314
cannadyj@scis.nova.edu



I'm sure you'll be able to find what you're looking for now.



----- Original Message -----
From: "George Noel" <noelg@acm.org>
To: <ids@uow.edu.au>
Sent: Tuesday, February 06, 2001 7:23 AM
Subject: IDS: Neural Network IDS research


> Hello!
>
>    I am looking for recent research (in the last 3-4 years) on intrusion
> detection systems using neural networks.  All I have found so far has been
> almost ten years old.  Does anyone know of a good place to look for this
> information?
>
> Thanks!
>
> George
>
>