Investigation of a Neural Network Implementation of a TCP Packet Anomaly Detection System

Authors
  1. Dondo, M.
  2. Treurniet, J.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Abstract
We present the design and implementation of an artificial neural network (ANN) system of multi-layer perceptron classifiers to detect suspicious TCP traffic at a single packet level. The advantage to using ANNs for the detection of attacks is that they do not only rely on attack signatures, as in many common signature-based IDSs. Rather they are capable of learning broader definitions of attack attributes. The use of ANNs in this approach also enhances the processing speed where real-time applications require the processing of substantial amounts of data at high speeds. The ANN model was tested on labelled sets of attack data obtained from the DARPA IDS Evaluation. The model was successful in detecting a variety of attacks, including denial of service attacks, probing activity and other suspicious activity. Future work will examine the application of an ANN to sequences of related packets to detect attacks.

There is a French abstract here.

Report Number
DRDC-OTTAWA-TM-2004-208 — Technical Memorandum
Date of publication
01 May 2004
Number of Pages
60
DSTKIM No
CA025458
CANDIS No
523102
Format(s):
CD ROM
