Technical Report Details
Experiments on Adaptive Techniques for Host-Based Intrusion Detection
DRAELOS, TIMOTHY J. ; COLLINS, MICHAEL J. ; DUGGAN, DAVID P. ; THOMAS, EDWARD V. ; WUNSCH, DONALD
Sandia National Laboratories
Keywords: Data Analysis; Pattern Recognition; Intrusion Detection Systems; 98 Nuclear Disarmament, Safeguards, And Physical Protection; Learning
DOI: 10.2172/787645
RP-ID: SAND2001-3065
RP-ID: AC04-94AL85000
RP-ID: 787645
United States | English
Source: UNT Digital Library
Abstract

This research explores four experiments of adaptive host-based intrusion detection (ID) techniques in an attempt to develop systems that can detect novel exploits. The technique considered to have the most potential is adaptive critic designs (ACDs) because of their utilization of reinforcement learning, which allows learning exploits that are difficult to pinpoint in sensor data. Preliminary results of ID using an ACD, an Elman recurrent neural network, and a statistical anomaly detection technique demonstrate an ability to learn to distinguish between clean and exploit data. We used the Solaris Basic Security Module (BSM) as a data source and performed considerable preprocessing on the raw data. A detection approach called generalized signature-based ID is recommended as a middle ground between signature-based ID, which has an inability to detect novel exploits, and anomaly detection, which detects too many events including events that are not exploits. The primary results of the ID experiments demonstrate the use of custom data for generalized signature-based intrusion detection and the ability of neural network-based systems to learn in this application environment.

Attachments
787645.pdf, 2156 KB, PDF