Application of artificial neural networks and related techniques to intrusion detection

The increasing complexity of today´s information technology (IT) together with our dependency upon it, has led to a situation in which a security breach not only has effects for individuals but can also affect the availability of critical services (power supply, communication) or result in significant financial loss. Criminals and terrorists want to exploit system vulnerabilities to capitalise on modern society´s interwovenness with IT. To counter this, organisations try to secure their IT assets to enforce security policies, to be compliant with legal and regulatory requirements and ultimately to deter unauthorised intruders from gaining access to them. At the core, the goal of intrusion detection systems is the identification of suspicious traffic flowing within, leaving or entering an organisation. To identify such traffic, intrusion detection systems may focus on data within a single host or on integrated information from various network segments. Identified traffic can then be reported to responsible authorities to take an appropriate course of action. This report is concerned with the state-of-the-art in intrusion detection systems. Systems leveraging information gathered from a single host, i.e. host-based intrusion detection systems, are presented as well as approaches observing and analysing information flowing across networks, i.e. network-based intrusion detection systems. Specific focus is placed on systems that make use of artificial neural networks and variations thereof to separate suspicious and potentially malicious traffic from ordinary traffic.