Neural Detection of Malicious Network Activities Using a New Direct Parsing and Feature Extraction Technique.

摘要

The aim of this thesis is to develop an intrusion detection system (IDS) software, which learns to detect and classify network attacks and intrusions through prior training data. With the added criteria of operating in real-time applications, ways of improving the efficiency of the IDS without sacrificing the probability of correct classification (PCC) are also considered. Knowledge Data and Discovery Cup 99 data is used to evaluate the IDS architecture. Two neural network (NN) architectures were designed and compared through simulation; the first architecture uses a single NN, while the second uses the merged output of three NNs in parallel. Results show that a three-parallel NN implementation has similar classification performance and a shorter training time than with a single NN implementation. PCC is on the order of 93% for denial-of-service attacks and 96% for normal traffic. The classification results for the R2L and U2R attacks are poor due to the lack of available training data.