Advanced Intrusion Detection Techniques
Abstract
In Phase I the Prediction Systems, Inc./New Jersey Institute of Technology (PSI/NJIT) team successfully demonstrated the applicability of Artificial Intelligence techniques, including Neural Networks (NN) and other techniques, to intrusion detection problems. Sufficient components of the Hierarchical Intrusion Detection Engine (HIDE) were built to demonstrate that our adaptive approach could effectively detect a flooding attack in computer networks. In Phase II, Network Security Solution joined the PSI/NJIT team. The combined PNN team expanded on and reinforced components built in Phase I HIDE. Phase II expanded on the use of probability density functions, introduced wavelet compression to conserve bandwidth, use of External Events and Large Deviation theory for anomaly detection, new representation transforms for operator effectiveness, dynamic adaptation to track changing network conditions, and an external sensitivity control for quick operator adjustments. Refinements were also made to the event pre-processor, Kolmogorov-Smirnov statistics, and to the neural network. Hierarchical Combing Map Generators were also added to HIDE. The PNN also analyzed the TI in terms of HIDE needs and assessed the impact of HIDE on the current FBCB2 and the TI. Successful testing of HIDE 2.0 with the DARPA 1998 data set indicated that it was significantly better than intrusion detection alternatives.
Document Details
- Document Type: Technical Report
- Publication Date: Feb 06, 2003
- Accession Number: ADA410454
Entities
People
- John H. Fikus
- Robert E. Wassmer