Ryan, J., Lin, M.-J., and Miikkulainen, R. Intrusion Detection with Neural Networks. Advances in Neural Information Processing Systems, M. I. Jordan, M. J. Kearns, and S. A. Solla, Eds., vol. 10, The MIT Press, pp. 943--949, Denver, CO, 1998.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....for intrusion detection in order for the IDS to achieve maximal performance. Since most of the intrusions can be uncovered by examining patterns of user activities, many intrusion detection systems have been built by utilizing the recognized attack and misuse patterns to develop learning machines [1,2,3,4,5,6,7,8,9]. In our earlier work, support vector machines (SVMs) are found to be superior to neural networks in many important respects of intrusion detection [10,11,12] so we will illustrate feature ranking use SVMs. The data we used in our experiments originated from MIT s Lincoln Lab. It was developed ....

Ryan J, Lin M-J, Miikkulainen R (1998) Intrusion Detection with Neural Networks. Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press.

....soft computing techniques and also their ensemble for building models based on experimental data. Since most of the intrusions can be uncovered by examining pattems of user activities, many IDSs have been built by utilizing the recognized attack and misuse pattems to develop learning machines [3,4,5,6,7,8,9]. In our recent work, SVMs are found to be superior to ANNs in many important respects of intrusion detection [9] In this paper we will concentrate on using the ensemble of support vector machines and neural networks with different training functions to achieve better classification accuracies. ....

Ryan J., Lin M-J., Miikkulainen R. (1998) "intrusion Detection with Neural Networks," Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press.

....tool that is capable of (mostly) real time intrusion detection is the goal of the researchers in IDSs. Various artificial intelligence techniques have been utilized to automate the intrusion detection process to reduce human intervention; several such techniques include neural networks [3,4,5,6,7], and machine learning [8] Several data mining techniques have been introduced to identify key features or parameters that define intrusions [9,10,11,12] In this paper, we explore Multivariate Adaptive Regression Splines (MARS) SVMs and neural networks, to perform intrusion detection based on ....

Ryan J., Lin M-J., Miikkulainen R. (1998) "Intrusion Detection with Neural Networks," Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press.

....that the behavior deviates from the model. 3. PREVIOUS WORK There have been many previous intrusion detection systems that use the anomaly detection scheme. NNID (Neural Network Intrusion Detection) uses neural networks to predict the next command a user will enter based on previous commands [4]. Haystack, a combined anomaly detection misuse detection IDS models individual users as well as groups of users. It assigns initial profiles to new users, and updates the profiles once a pattern of actual behavior is recognized [5] ImSafe, a tool that has its roots in anomaly detection, ....

J. Ryan, L. Meng-Jane, and R. Miikkulainen. Intrusion Detection with Neural Networks. In Advances in Neural Information Processing Systems 10, May 1998.

....which is itself a problem of great interest in building models based on experimental data. Since most of the intrusions can be uncovered by examining patterns of user activities, many IDSs have been built by utilizing the recognized attack and misuse patterns to develop learning machines [3,4,5,6,7,8,9,10,11]. In our recent work, SVMs are found to be superior to ANNs in many important respects of intrusion detection [12,13,14] we will concentrate on SVMs and briefly summarize the results of ANNs. The data we used in our experiments originated from MIT s Lincoln Lab. It was developed for intrusion ....

Ryan J., Lin M-J., Miikkulainen R. (1998) "Intrusion Detection with Neural Networks," Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press.

....for intrusion detection have first been introduced as an alternative to statistical techniques in the IDES intrusion detection expert system to model users behavior [5] In particular the typical sequence of commands executed by each users is learned. Similar approaches have been presented later [6]. A different approach to anomaly detection based on neural networks is proposed in [7] While previous works have addressed the anomaly detection problem by analyzing the audit records produced by the operating system, in [7] anomalies are detected by looking at the usage of network protocols. A ....

....Classification results are reported in terms of the overall classification error, the average classification cost computed according to the cost matrix shown in Table 1, and the false alarm rate. Other researchers used the cost matrix shown in Table 1 to weight errors according to their severity [6]) Table 1: Cost matrix used to evaluate the confusion matrix related to each classifie r Assigned class Normal U2R R2L Probing DoS Normal 0 2 2 1 2 U2R 3 0 2 2 2 R2L 4 2 0 2 2 Probing 1 2 2 0 2 True class DoS 2 2 2 1 0 The overall performances of neural networks, except for the network ....

J. Ryan, M.J. Lin, R. Miikkulainen, "Intrusion Detection with Neural Networks", in: Advances in Neural Information Processing Systems 10, M. Jordan et al., Eds., Cambridge, MA: MIT Press, 1998 pp. 943-949.

....methods for anomaly detection, typically in combination with other methods. More recent anomaly detection methods employ a wide variety of classification schemes to identify anomalous activities. These schemes include, among others, rule induction [14, 15, 16] artificial) neural networks [17, 18, 19], fuzzy set theory [20] classical machine learning algorithms [21, 22] artificial immune systems [23, 24] signal processing methods [25] and temporal sequence learning [26, 27] A challenge that all developers of anomaly detectionbased intrusion detection classifiers must address is feature ....

Ryan, J., Lin, M.J., and Miikkulainen, R., "Intrusion Detection with Neural Networks," presented at Proceedings of the 10th Advances in Neural Information Processing Systems Conference, Denver, CO, 1998.

....methods for anomaly detection, typically in combination with other methods. More recent anomaly detection methods employ a wide variety of classification schemes to identify anomalous activities. These schemes include, among others, rule induction [14, 15, 16] artificial) neural networks [17, 18, 19], fuzzy set theory [20] classical machine learning algorithms [21, 22] artificial immune systems [23, 24] signal processing methods [25] and temporal sequence learning [26, 27] A challenge that all developers of anomaly detectionbased intrusion detection classifiers must address is feature ....

Ryan, J., Lin, M.J., and Miikkulainen, R., "Intrusion Detection with Neural Networks," presented at Proceedings of the 10th Advances in Neural Information Processing Systems Conference, Denver, CO, 1998.

....life. There is some support for the hypothesis that the user identi cation problem is uniformly dicult for a large class of algorithms. A number of other researchers have examined this problem or close variants and found comparable results under a wide variety of methods including neural networks [112], Markov chains [42, 93] multi step Markov chains, Lempel Ziv compression, and command unexpectedness [113] An unpublished comprehensive study, which examined many of these in a uni ed framework, found them all to be competitive and none to be strictly dominant in this domain [94] Based on ....

J. Ryan, M-J. Lin, and R. Miikkulainen. Intrusion detection with neural networks. In Proceedings of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, pages 72-77. AAAI Press, 1997.

....detection, anomaly detection systems characterize behavior of individual users and issue alarms of intrusions, based on anomalies in behavior. Since traces of actual computer intrusions are rare and difficult to obtain, we chose a variant of this task common in computer intrusion research [6, 10, 15]. In this variant, the goal is to predict, based on commands typed, when the user of a given account is not the actual legitimate user. With such a task, typically one user at a time is chosen to be the legitimate user and one to be the intruder. The task then becomes one of characterizing the ....

Ryan, J., Lin, M.-J., and Miikkulainen, R. Intrusion detection with neural networks. In AI Approaches to Fraud Detection and Risk Management (1997), Fawcett, Haimowitz, Provost, and Stolfo, Eds., AAAI Press.

....detection systems like IDES (Lunt et al. 1992) NIDES and Emerald (Porras and Neumann 1997) use both approaches, presumably because neither one is uniformly superior to the other. In this paper we only consider the anomaly detection approach. This approach lends itself to a statistical treatment. Ryan et al. 1998) suggested that each user on a computer system leaves a print that could be captured by training a neural network with historical data. When for new data from any user the neural network predicts that the data is more likely to stem from another user in the historical data, then an alarm for a ....

....monitoring to gather more information on this issue. Currently all software is written in S PLUS (MathSoft, 1995) an interpreted language programming environment. The pilot project will assess the ability of our S PLUS implementation to keep up with the accounting flow generated by many users. Ryan et al. 1998) use a neural network approach and test classification errors based on 10 users. They have 11 successive days of data, 8 of which are chosen at random and used for training the neural net, which then tried to distinguish users among the other three days. They report a false alarm rate of 7 and ....

Ryan J, Lin M, Miikkulainen R (1998) Intrusion detection with neural networks, in Jordan MI, Kearns MJ, Solla SA (eds.) Advances in Neural Information Processing Systems 10 (NIPS'97, Denver, CO), Cambridge, MA: MIT Press.

....detection systems like IDES (Lunt et al. 1992) NIDES and Emerald (Porras and Neumann 1997) use both approaches, presumably because neither one is uniformly superior to the other. In this paper we only consider the anomaly detection approach, which lends itself to a statistical treatment. Ryan et al. 1998) suggested that each user on a computer system leaves a print that could be captured by training a neural network with historical data. When for new data from any user the neural network predicts that the data is more likely to stem from another user in the historical data, then an alarm for a ....

....as the more conventional likelihood ratio tests, but not much more powerful. It is somewhat disappointing that the principal components dimension reduction did not provide more power in addition to the benefits of easy updating. Further research is needed to understand this better. 4 Discussion Ryan et al. 1998) use a neural network approach and test classification errors based on 10 users. They have 11 successive days of data, 8 of which are used for training. One of the users only had little data. They report a false alarm rate of 7 and 4 missing alarms. Our test is more challenging in that we test ....

Ryan, J. , Lin,M., and Miikkulainen, R. (1998). "Intrusion Detection with Neural Networks" . In Jordan, M.

....be undone with a rollback; ffl e.confidence, an intrusion detection policy that determines the required confidence in the identity of the subject before the effects of this method invocation are made permanent. That is, we come up with a representation of the amount of trust we have in a subject. [4] The exact form of the intrusion detection policy a set of constants, a regular expression, or a reference to a CORBA object, for example depends on our experience with intrusion detection systems. As an initial step, we plan to represent the intrusion detection policy with two numbers ....

....Let N x be the set of normal behaviors. For all behaviors b 2 B x , the quantity 1 Gamma P (b) measures how far b differs from the behaviors in N x . For example, one could determine P (b) by comparing the relative frequency of commands in b with their relative frequencies in the runs of N x [4]. The set U x is empty. The intrusion detection policy sets some value for r x , and a x is undefined. Neither of these two classes, however, support our model of using optimism to aid in the detection of intrusion. For our purposes, an intrusion detection system should provide the following ....

Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen. Intrusion detection with neural networks. In Advances in Neural Information Processing Systems 10, M. I. Jordan, M. J. Kearns, S. A. Solla, eds., MIT Press, 1998.

No context found.

Ryan, J., Lin, M.-J., and Miikkulainen, R. Intrusion Detection with Neural Networks. Advances in Neural Information Processing Systems, M. I. Jordan, M. J. Kearns, and S. A. Solla, Eds., vol. 10, The MIT Press, pp. 943--949, Denver, CO, 1998.

No context found.

J. Ryan, M-J. Lin, R. Miikkulainen, Intrusion detection with neural networks, in: Advances in Neural Information Processing Systems, vol. 10, MIT Press, Cambridge, MA, 1998.

No context found.

J. Ryan, M. J. Lin, R. Miikkulainen. Intrusion Detection with Neural Networks. Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press, 1998.

No context found.

Ryan J., Lin M-J., Miikkulainen R., 1998. Intrusion Detection with Neural Networks. Advances in Neural Information Processing Systems 10, Cambridge, MA: MIT Press.

No context found.

J. Ryan and M. Lin, "Intrusion Detection with Neural Networks", Advances in Neural Information Processing Systems 10, MIT Press, June, 1998.

No context found.

Jake Ryan, Meng-Jang-Lin, and Risto Miikkulainen, Intrusion detection with neural networks, Draft, The University of Texas at Austin, 1998.

No context found.

Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen. Intrusion detection with neural networks. In Michael I. Jordan, Michael J. Kearns, and Sara A. Solla, editors, Advances in Neural Information Processing Systems, volume 10. The MIT Press, 1998.

No context found.

J. Ryan, M.J. Lin, R. Miikkulainen, "Intrusion detection with neural networks", in Advances in Neural Information Processing Systems 10, M. Jordan et al., Eds., Cambridge, MA: MIT Press, pp. 943-949, 1998.

No context found.

Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen. Intrusion detection with neural networks. In Proceedings of AAAI-97 Workshop on AI Approaches to Fraud Detection and Risk Management, pages 72--77. AAAI Press, 1997.

No context found.

Ryan, J., Lin, M.-J., and Miikkulainen, R. (1998). Intrusion Detection with Neural Networks. In Advances in Neural Information Processing Systems 10 (Proceedings of NIPS'97, Denver, CO). MIT Press.

No context found.

Ryan, J., Lin, M., and Miikkulainen, R. (1997). Intrusion Detection with Neural Networks. AI Approaches to Fraud Detection and Risk Management: Papers from the 1997 AAAI Workshop (Providence, Rhode Island), pp. 72-79. Menlo Park, CA: AAAI.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC