Intrusion Detection with Neural Networks

Jake Ryan, Meng-Jang Lin and Risto Miikkulainen

With the rapid expansion of computer networks the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is monitoring unusual user activity, but some methods of intrusion detection like on-line systems learning to predict commands or systems using hand-coded rule sets are laborous and not very reliable. This paper proposes a new way of applying neural networks to detect intrusions. We believe a user leaves a 'print' when using the system; a neural network can be used to learn this print and identify each user much like detectives use thumbprints to place people at crime scenes. If a user’s behavior does not match his/her print, the system administrator can be alerted of a possible security breech. A backpropagation neural network called NNID (Neural Network Intrusion Detector) was trained in the identification task and tested experimentally on a system of 10 users. The system was 96% accurate in detecting unusual activity, with 7% false alarm rate. These results suggest that learning user profiles is an effective tool for detecting intrusions.

This page is copyrighted by AAAI. All rights reserved. Your use of this site constitutes acceptance of all of AAAI's terms and conditions and privacy policy.