A cooperative connectionist IDS model to identify independent anomalous SNMP situations

  1. Emilio Corchado Rodríguez 1
  2. Álvaro Herrero 1
  3. José Manuel Sáiz 1
  1. 1 Department of Civil Engineering, University of Burgos
Buch:
Actas del III Taller Nacional de Minería de Datos y Aprendizaje
  1. Ruiz Sánchez, Roberto
  2. Riquelme, José C.
  3. Aguilar Ruiz, Jesús Salvador

Verlag: Thomson-Paraninfo

ISBN: 84-9732-449-8

Datum der Publikation: 2005

Seiten: 179-184

Art: Buch-Kapitel

Zusammenfassung

This research approaches the anomalous situations detection issue from a pattern recognition point of view, where a connectionist model is applied to identify user behavior patterns. The aim of this multidisciplinary research is the design of a system capable of detecting anomalous situations for a computer network. The connectionist architecture used here has never been applied to the Intrusion Detection (ID) and network security fields before this research. This work line demonstrates that connectionist models are capable of satisfying the requirements and dynamic features of the ID problem. By exploiting the strengths of neural networks in recognition, classification and generalization, this work illustrates the effectiveness of these techniques to the ID field. The presented Intrusion Detection System (IDS) is used as a method to investigate the traffic that travels along the analysed network, detecting SNMP (Simple Network Management Protocol) anomalous traffic patterns. It is also shown how the system is capable of detecting independent SNMP anomalous situations. It helps network administrators to decide if these anomalous situations are real intrusions or not.