Jake Ryan, Meng-Jang Lin and Risto Miikkulainen
With the rapid expansion of computer networks the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is monitoring unusual user activity, but some methods of intrusion detection like on-line systems learning to predict commands or systems using hand-coded rule sets are laborous and not very reliable. This paper proposes a new way of applying neural networks to detect intrusions. We believe a user leaves a 'print' when using the system; a neural network can be used to learn this print and identify each user much like detectives use thumbprints to place people at crime scenes. If a user’s behavior does not match his/her print, the system administrator can be alerted of a possible security breech. A backpropagation neural network called NNID (Neural Network Intrusion Detector) was trained in the identification task and tested experimentally on a system of 10 users. The system was 96% accurate in detecting unusual activity, with 7% false alarm rate. These results suggest that learning user profiles is an effective tool for detecting intrusions.