Intrusion Detection With Neural Networks (1998)
Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen
With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. Methods of intrusion detection based on hand-coded rule sets or predicting commands on-line are laborious to build or not very reliable. This paper proposes a new way of applying neural networks to detect intrusions. We believe that a user leaves a 'print' when using the system; a neural network can be used to learn this print and identify each user much like detectives use thumbprints to place people at crime scenes. If a user's behavior does not match his/her print, the system administrator can be alerted of a possible security breach. A backpropagation neural network called NNID (Neural Network Intrusion Detector) was trained in the identification task and tested experimentally on a system of 10 users. The system was 96% accurate in detecting unusual activity, with a 7% false alarm rate. These results suggest that learning user profiles is an effective way for detecting intrusions.
Citation:
In Michael I. Jordan and Michael J. Kearns and Sara A. Solla, editors, Advances in Neural Information Processing Systems 10, 943-949, Department of Computer Sciences, The University of Texas at Austin, 1998. Cambridge, MA: MIT Press. neural networks, supervised learning, AI.
Risto Miikkulainen Faculty risto [at] cs utexas edu
Jake Ryan Undergraduate Alumni