Learn about Intrusion Detection Systems

Incorporating Artificial Intelligence Techniques with IDS

"ANNs with IDS have shown very promising results in detecting attacks..."


Data Mining and Artificial Intelligence techniques may provide a solution to the pitfalls of modern-day IDS implementations. The technique that shows the most promise in addressing the shortcomings of IDS is Artificial Neural Network (ANN) technology.

Artificial Neural Networks IDS (ANNIDS)

An Artificial Neural Network (ANN) is an information-processing system inspired by models formulated from the workings of the brain. The brain contains billions of specialized cells called neurons.

These cells are organized into a very complicated intercommunicating network. Typically, each neuron is connected to tens of thousands of other neurons.

These connections permit neurons to pass electrical signals between each other. Each connection has a varying strength (or weight) associated with it, allowing varying levels of influence between the neurons.

Many aspects of brain function, particularly the learning and predicting process, are closely associated with the adjustment of these connection strengths.

The architecture of an Artificial Neural Network is very similar to the previously described architecture of the brain. Typically, an Artificial Neural Network consists of many hundreds of processing units that are interconnected in a complex communication network.

Each processing unit (or node) is a simplified model of a real neuron that sends signals to the other nodes to which it is connected. The strength of these connections may be varied in order for the network to perform different tasks corresponding to different patterns of activity.

One of the major pitfalls of currently available IDS is the inability to recognize new or variant attacks. Current misuse-detecting IDS cannot offer any form of intrusion detection against new or variant attacks because the signature that represents those attacks isn't available.

Studies have shown that current anomaly-detecting IDS failed, on average, ~80% of the time to detect new (or variant) DoS and remote-to-local attacks. Recent studies in the incorporation of Artificial Neural Networks with Intrusion Detection Systems have shown very promising results in detecting these attacks.
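The following is an added example, not code from this tutorial or from any IDS product. It trains a small network of weighted nodes on labelled traffic windows and scores a variant that an exact signature lookup misses. The feature names, sample values, network size and the exact-match stand-in for misuse detection are all assumptions constructed for illustration.

```python
import math
import random

# Constructed, normalised features per traffic window (assumed for illustration):
# [connection rate to one host, fraction of SYN errors, fraction of failed logins]
NORMAL = [[0.10, 0.10, 0.00], [0.20, 0.15, 0.05], [0.15, 0.05, 0.10], [0.05, 0.20, 0.00]]
KNOWN_ATTACKS = [[0.90, 0.80, 0.00], [0.95, 0.90, 0.05], [0.80, 0.95, 0.00],  # DoS-like
                 [0.10, 0.05, 0.90], [0.05, 0.10, 0.80]]  # remote-to-local-like
VARIANT = [0.75, 0.70, 0.10]  # DoS-like window that is absent from the training data

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def signature_match(x):
    """Simplified misuse detection: alert only on an exact, already-known pattern."""
    return x in KNOWN_ATTACKS

def forward(net, x):  # returns (hidden node outputs, output node score)
    hid = [sigmoid(sum(w * v for w, v in zip(ws, x)) + b) for ws, b in zip(net["w1"], net["b1"])]
    return hid, sigmoid(sum(w * h for w, h in zip(net["w2"], hid)) + net["b2"])

def train(samples, labels, hidden=4, epochs=3000, lr=0.5, seed=1):
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    net = {"w1": [[rng.uniform(-0.5, 0.5) for _ in samples[0]] for _ in range(hidden)],
           "w2": [rng.uniform(-0.5, 0.5) for _ in range(hidden)],
           "b1": [0.0] * hidden, "b2": 0.0}
    for _ in range(epochs):
        for x, y in zip(samples, labels):
            hid, out = forward(net, x)
            d_out = out - y  # cross-entropy error signal at the output node
            for j in range(hidden):
                d_hid = d_out * net["w2"][j] * hid[j] * (1.0 - hid[j])
                net["w2"][j] -= lr * d_out * hid[j]  # adjust connection strengths
                net["b1"][j] -= lr * d_hid
                for i, v in enumerate(x):
                    net["w1"][j][i] -= lr * d_hid * v
            net["b2"] -= lr * d_out
    return net

def score(net, x):
    return forward(net, x)[1]

def build_detector():
    labels = [0.0] * len(NORMAL) + [1.0] * len(KNOWN_ATTACKS)
    return train(NORMAL + KNOWN_ATTACKS, labels)

if __name__ == "__main__":
    net = build_detector()
    print("signature:", signature_match(VARIANT), "ANN score: %.3f" % score(net, VARIANT))
```

A score above 0.5 is treated as an alert here. On real traffic the threshold is chosen by weighing missed attacks against false alarms on benign windows.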

IDStutorial.com, Copyright © 2007 - 2010 All Rights Reserved. Copying content from this website is strictly not allowed and will be pursued by legal channels when found. The information on this site is the opinions of the author, it is not guaranteed to be correct, and is to be used for information purposes only.