Investigation of neural network classification of computer network attacks

Document Type

Conference Proceeding

Publication Date

12-1-2003

Abstract

This paper investigates the neural network classification of computer network attacks using statistical anomaly detection, carried out by HIDE. HIDE is a hierarchical, multi-tier, multi-observation-window, anomaly-based network intrusion detection system, prototyped in our laboratory for the US Army's Tactical Internet. HIDE monitors several network traffic parameters simultaneously, constructs a probability density function (PDF) for each, statistically compares it to a reference PDF of normal behavior using a similarity metric, then combines the results into an anomaly status vector that is classified by a neural network classifier. Many simulation experiments have been carried out focusing on the Denial of Service (DOS) class of attacks, including UDP, ICMP and TCP flooding attacks. We investigated the detection effectiveness of the Perceptron (P), Backpropagation (BP), Perceptron-Backpropagation-Hybrid (PBH), Fuzzy ARTMAP, and Radial-Based Function (RBF) artificial neural network (ANN) classifiers. We present here results on several data sets from different UDP flooding scenarios. The results showed that the PBH and BP classifiers outperform all others. ICMP and TCP DOS attacks behave similarly to the UDP ones. © 2003 IEEE.

Identifier

77954316519 (Scopus)

ISBN

[0780377249, 9780780377240]

Publication Title

Proceedings ITRE 2003 International Conference on Information Technology Research and Education

External Full Text Location

https://doi.org/10.1109/ITRE.2003.1270688

First Page

590

Last Page

594

This document is currently not available here.
