Training a neural-network based intrusion detector to recognize novel attacks

Authors: S.C. Lee, D.V. Heinbuch

DOI: 10.1109/3468.935046

Keywords: Artificial neural network, Pattern recognition (psychology), Protocol (object-oriented programming), Intrusion detection system, Data mining, Host-based intrusion detection system, Computer science, Intrusion prevention system, Detector, Backpropagation, Anomaly-based intrusion detection system

Abstract: While many commercial intrusion detection systems (IDS) are deployed, the protection they afford is modest. State-of-the-art IDS produce voluminous alerts, most false alarms, and function mainly by recognizing the signatures of known attacks so that novel attacks slip past them. Attempts have been made to create systems that recognize the signature of "normal," in the hope that they will then detect attacks, known or novel. These systems are often confounded by the extreme variability of nominal behavior. The paper describes an experiment with an IDS composed of a hierarchy of neural networks (NN) that functions as a true anomaly detector. This result is achieved by monitoring selected areas of network behavior, such as protocols, that are predictable in advance. While this does not cover the entire attack space, a considerable number of attacks are carried out by violating the expectations of the protocol/operating system designer. Within this focus, the NNs are trained using data that spans the normal space. These detectors are able to recognize attacks that were not specifically presented during training. We show that using small detectors gives a better result than a single large detector. Some techniques can be used not only to detect anomalies, but to distinguish among
