DocumentCode
2312389
Title
A neural network application for attack detection in computer networks
Author
De Sá Silva, Lília ; Santos, Adriana C.Ferrari dos ; da Silva, J.D.S. ; Montes, Antonio
Author_Institution
Instituto Nacional de Pesquisas Espaciais, Sao Jose dos Campos, Brazil
Volume
2
fYear
2004
fDate
25-29 July 2004
Firstpage
1569
Abstract
This work presents a network intrusion detection method, created to identify and classify illegitimate information in TCP/IP packet payload based on the Snort signature set that represents possible attacks on a network. For this development, a type of neural network named Hamming net was used. The choice of this network is based on the interest in investigating its adequacy to classify network events in real-time, due to its capability to learn faster than other neural network models, such as multilayer perceptrons with backpropagation and Kohonen maps. A Hamming net does not require exhaustive training to learn. TCP/IP packet payloads were used as input patterns to the Hamming net and Snort signatures as exemplar patterns. The challenges faced in modeling the input and exemplar data and the strategies adopted to capture and scan relevant data in TCP/IP packets and in Snort signatures are described in this paper. In addition, the application architecture, the processing stages and some test results are presented.
Keywords
backpropagation; computer networks; multilayer perceptrons; pattern classification; real-time systems; security of data; self-organising feature maps; telecommunication computing; telecommunication traffic; transport protocols; Hamming net; Kohonen maps; Snort signature set; TCP-IP packet; attack detection; backpropagation; computer networks; illegitimate information classification; illegitimate information identification; multilayer perceptrons; network intrusion detection method; neural network models; real time system; Application software; Backpropagation; Computer networks; Intrusion detection; Multi-layer neural network; Multilayer perceptrons; Neural networks; Payloads; Self organizing feature maps; TCPIP;
fLanguage
English
Publisher
ieee
Conference_Titel
Neural Networks, 2004. Proceedings. 2004 IEEE International Joint Conference on
ISSN
1098-7576
Print_ISBN
0-7803-8359-1
Type
conf
DOI
10.1109/IJCNN.2004.1380190
Filename
1380190