Investigation of a Neural Network Implementation of a TCP Packet Anomaly Detection System

Abstract

We present the design and implementation of an artificial neural network (ANN) system of multi-layer perceptron classifiers to detect suspicious TCP traffic at the single-packet level. The advantage of using ANNs for the detection of attacks is that they do not rely only on attack signatures, as many common signature-based IDSs do. Rather, they are capable of learning broader definitions of attack attributes. The use of ANNs in this approach also enhances processing speed, which matters where real-time applications require the processing of substantial amounts of data at high speeds. The ANN model was tested on labelled sets of attack data obtained from the DARPA IDS Evaluation. The model was successful in detecting a variety of attacks, including denial of service attacks, probing activity and other suspicious activity. Future work will examine the application of an ANN to sequences of related packets to detect attacks.

Document Details

Document Type
Technical Report
Publication Date
May 01, 2004
Accession Number
ADA436375

Entities

People

  • J. Treurniet
  • M. Dondo

Organizations

  • Defence Research and Development Canada

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Anomaly Detection
  • Application Protocols
  • Change Detection
  • Computer Networks
  • Denial Of Service Attack
  • Detection
  • Detectors
  • Digital Communications
  • Information Science
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Network Protocols
  • Neural Networks
  • Operating Systems
  • Port Scanners
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Aerodynamics/Aeronautics
  • Computer Networking
  • Neural Network Machine Learning

Technology Areas

  • AI & ML
  • AI & ML - Neural Networks