CCE Theses and Dissertations

An Adaptive Neural Network Approach to Intrusion Detection and Response

Date of Award

2000

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Graduate School of Computer and Information Sciences

Advisor

Sumitra Mukherjee

Committee Member

Junping Sun

Committee Member

Gregory Simco

Abstract

Computer network attacks seek to achieve one or more objectives against the targeted system. The attack may be designed to gain access to sensitive data, modify records, or conduct activities designed to deny authorized users access to system resources. An effective defense against these incidents requires both the timely and accurate detection of the events and a response to the incident that mitigates the damage caused by the attack. While there is an increasing need for a system capable of accurately identifying network attacks, there are very few effective methods capable of detecting these incidents.

The constantly changing nature of network attacks requires a flexible defensive system that is capable of analyzing the enormous amount of network traffic and identifying attacks from the available data. The ability to effectively respond to an attack after it has been detected is also very limited. As a result, a rapid and well-organized attack can result in substantial damage to a targeted system before defensive measures can be activated. The goal of this research was the design of an innovative approach to the protection of computer networks that used adaptive neural network techniques to identify and respond to attempts to deny authorized users access to system resources.

Since it is impossible to represent all of the possible system states and types of attacks that could occur, the ability of the neural network-based system to adapt to changes in the network environment depended upon an incremental learning capability that was developed as part of this research. The adaptive neural network system incorporated a modified reinforcement learning approach to enhance the identification of new network attacks. This capability allowed the intrusion detection system to autonomously improve its analytical ability in response to changes in the threats against the protected network and then take an action that minimized the damage to the protected system. A prototype adaptive neural network architecture was implemented and evaluated in a simulated computer network environment.

This document is currently not available here.
