THESIS
2001
xiv, 91 leaves : ill. ; 30 cm
Abstract
Network intrusion detection has emerged as one of the ways to enforce computer security in recent years. It is the problem of detecting intrusive activities by using network data as the source. The most common approach is to hand-code attack signatures into detection rules. This approach is slow and expensive. Consequently, other techniques have been proposed to tackle the problem. Many of these techniques have to use both normal and intrusion data to build their classifiers. In practice, however, intrusion data are usually limited in quantity for model training. Therefore, we propose to solve the network intrusion detection problem by using a novelty detection approach. In particular, the probabilistic neural network (PNN) model based on the use of Parzen windows for nonparametric density estimation is used. Our method can build an intrusion detection system using only normal network traffic records.
We have tested our system on the dataset used in the KDD Cup 1999 contest. Results show that our system performs favorably when compared to the winning system of the contest. The winning system, which is based on an ensemble of decision trees with bagged boosting, uses many intrusion records and many more normal data records for classifier training. This shows that our model is promising for solving the network intrusion problem. In addition, a speedup scheme for our model is presented. Moreover, we propose a service-based PNN model which is based on the detection of individual network service traffic. Experimental results for this model are also presented.