Neural detection of malicious network activities using a new direct parsing and feature extraction technique
Low, Cheng Hong
Fargues, Monique P.
The aim of this thesis is to develop intrusion detection system (IDS) software that learns to detect and classify network attacks and intrusions from prior training data. With the added criterion of operating in real-time applications, ways of improving the efficiency of the IDS without sacrificing the probability of correct classification (PCC) are also considered. Knowledge Data and Discovery Cup 99 data is used to evaluate the IDS architecture. Two neural network (NN) architectures were designed and compared through simulation; the first architecture uses a single NN, while the second uses the merged output of three NNs in parallel. Results show that the three-parallel NN implementation has similar classification performance to, and a shorter training time than, the single NN implementation. PCC is on the order of 93% for denial-of-service attacks and 96% for normal traffic. The classification results for the R2L and U2R attacks are poor due to the lack of available training data.
Approved for public release; distribution is unlimited