NATIONAL INSTITUTE OF SCIENCE & TECHNOLOGY
Technical Seminar Presentation - 2004
ARTIFICIAL NEURAL NETWORK FOR MISUSE DETECTION
by MANOJ KUMAR GANTAYAT
Roll # CS200117145
Under the Guidance of MR. S.K.MEHER
Presented by: Manoj Kumar Gantayat
CS:200118258
INTRODUCTION
INTRUSION DETECTION SYSTEMS (IDS)
• Host-based IDS
• Network-based IDS
• Vulnerability-assessment IDS
COMPONENTS OF IDS
• An information source that provides a stream of event records
• An analysis engine that identifies signs of intrusions
• A response component that generates reactions based on the outcome of the analysis engine
NEURAL NETWORKS
NEURAL NETWORK IDS PROTOTYPES
1. Perceptron Model: A single neuron with adjustable synapses and threshold.
2. Backpropagation Model
3. Perceptron-Backpropagation Hybrid Model
Neural Network Intrusion Detection Systems
• Computer attack
• Typical characteristics of User
• Computer Viruses
• Malicious Software in Computer Network
NEGPAIM MODEL
NEURAL ENGINE
• Based on anomaly intrusion detection
• Establishes profiles of normal users and compares user behavior to those profiles
• Investigates the total behavior of the user
Disadvantages
• A statistical assumption is required
IMPLEMENTATION
• Uses a Multi-layer Perceptron Network
First Stage:
1. Training on a set of historical data
2. Done only once for each user
Second Stage:
1. The engine accepts input data
2. The input is compared with the historical data
IMPLEMENTATION OF ANN
1. Incorporating into a Modified or Existing Expert System
• The incoming data is filtered by the neural network for suspicious events
• False alarms should be reduced
Disadvantages:
• Needs updating to recognize new attacks
2. Neural Network as a Stand-alone System
• Data is received from the network stream and analyzed for misuse
• Data indicative of misuse is forwarded to an automated intrusion response system
LEVELS OF PROCESSING OF DATA
LEVEL 1: The data elements are selected from the packet: Protocol ID, Source Port, Destination Port, Source Address, Destination Address, ICMP type, ICMP Code, Raw data length, Raw.
LEVEL 2: The nine data elements are converted to a standardized numeric representation.
LEVEL 3: The resulting data is converted into an ASCII comma-delimited format that can be used by the neural network.
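The three levels above, sketched as an added Python example (not code from the presentation). The slides do not give the numeric encoding, so the choices here are assumptions: IPv4 addresses become 32-bit integers, the ninth element is taken to be the raw payload and is reduced to a CRC32, and -1 marks a field that does not exist for the packet's protocol.

```python
import ipaddress
import zlib

NA = -1  # assumed sentinel: field not present for this protocol

def select_fields(pkt):
    """Level 1: pull the nine elements out of a decoded packet (a dict)."""
    raw = pkt.get("raw", b"")
    return [pkt["protocol_id"], pkt.get("src_port"), pkt.get("dst_port"),
            pkt["src_addr"], pkt["dst_addr"],
            pkt.get("icmp_type"), pkt.get("icmp_code"), len(raw), raw]

def _num(value, lo, hi, name):
    """Return an optional integer field unchanged, or NA if it is absent."""
    if value is None:
        return NA
    if not lo <= value <= hi:
        raise ValueError(f"{name} out of range: {value}")
    return value

def to_numeric(fields):
    """Level 2: standardized numeric form of the nine elements."""
    proto, sport, dport, saddr, daddr, itype, icode, rlen, raw = fields
    return [
        _num(proto, 0, 255, "protocol_id"),
        _num(sport, 0, 65535, "src_port"),
        _num(dport, 0, 65535, "dst_port"),
        int(ipaddress.IPv4Address(saddr)),  # assumed: IPv4 as 32-bit integer
        int(ipaddress.IPv4Address(daddr)),
        _num(itype, 0, 255, "icmp_type"),
        _num(icode, 0, 255, "icmp_code"),
        rlen,
        zlib.crc32(raw),                    # assumed: payload reduced to CRC32
    ]

def to_csv_line(pkt):
    """Level 3: ASCII comma-delimited record for the network's input file."""
    return ",".join(str(v) for v in to_numeric(select_fields(pkt)))

# Constructed sample packets (documentation address ranges).
TCP_PKT = {"protocol_id": 6, "src_port": 49152, "dst_port": 80,
           "src_addr": "192.0.2.10", "dst_addr": "198.51.100.7",
           "raw": b"GET / HTTP/1.0\r\n\r\n"}
ICMP_PKT = {"protocol_id": 1, "src_addr": "192.0.2.10",
            "dst_addr": "198.51.100.7", "icmp_type": 8, "icmp_code": 0}

if __name__ == "__main__":
    print(to_csv_line(TCP_PKT))
    print(to_csv_line(ICMP_PKT))
```

Using -1 rather than 0 for absent fields keeps an ICMP packet with type 0 distinguishable from a TCP packet that has no ICMP type at all.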
ADVANTAGES OF ANN BASED MISUSE DETECTION
• Can analyze data that is incomplete or distorted
• Speed of the neural network
• Whether a particular event is indicative of an attack can be known
• Can learn the characteristics of misuse attacks
DISADVANTAGES OF ANN BASED MISUSE DETECTION
• Needs accurate training of the system
• Black-box nature of the neural network
• The weights and transfer functions of the various network nodes are frozen after a network has achieved a level of success in identifying events
CONCLUSION
The early results of tests of these technologies show significant promise, and our future work will involve the refinement of the approach and the development of a full-scale demonstration system.
THANK YOU