Title :
Detecting anomalous and unknown intrusions against programs
Author :
Ghosh, Anup K. ; Wanken, James ; Charron, Frank
Author_Institution :
Reliable Software Technol., Sterling, VA, USA
Abstract :
The ubiquity of the Internet connection to desktops has been both a boon to business as well as a cause for concern for the security of digital assets that may be unknowingly exposed. Firewalls have been the most commonly deployed solution to secure corporate assets against intrusions, but firewalls are vulnerable to errors in configuration, ambiguous security policies, data-driven attacks through allowed services, and insider attacks. The failure of firewalls to adequately protect digital assets from computer-based attacks has been a boon to commercial intrusion detection tools. Two general approaches to detecting computer security intrusions in real time are misuse detection and anomaly detection. Misuse detection attempts to detect known attacks against computer systems. Anomaly detection uses knowledge of users´ normal behavior to detect attempted attacks. The primary advantage of anomaly detection over misuse detection methods is the ability to detect novel and unknown intrusions. This paper presents a study in employing neural networks to detect the existence of anomalous and unknown intrusions against a software system using the anomaly detection approach
Keywords :
computer crime; computer software; neural nets; real-time systems; Internet connection; allowed services; ambiguous security policies; anomalous intrusion detection; anomaly detection; computer programs; computer security; computer-based attacks; configuration errors; corporate assets; data-driven attacks; digital asset security; firewalls; insider attacks; misuse detection; neural networks; real-time detection; software system; unknown intrusion detection; users´ normal behavior; Business; Computer errors; Computer networks; Computer security; Data security; Internet; Intrusion detection; Neural networks; Protection; Software systems;
Conference_Titel :
Computer Security Applications Conference, 1998. Proceedings. 14th Annual
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-8186-8789-4
DOI :
10.1109/CSAC.1998.738646