Intelligent intrusion detection systems using artificial neural networks

  • File type: Book
  • Language: English
  • Publisher: Elsevier
  • Edition and year / country: 2018

Details

Related fields: Computer Engineering, Information Technology
Related specializations: Artificial Intelligence, Information Security, Computer Networks
Journal: ICT Express
University: Sheffield Hallam University – Sheffield – UK
DOI: https://doi.org/10.1016/j.icte.2018.04.003
Published in an Elsevier journal
English keywords: Machine learning; Intrusion detection systems; Computer security; Artificial Intelligence

Description

1. Introduction

Network Intrusion Detection Systems (NIDS) are essential in modern computing infrastructure to help monitor and identify undesirable and malicious network traffic (such as unauthorised system access or poorly configured systems). The majority of commercial NIDS are signature based, where a set of rules is used to determine what constitutes undesirable network traffic by monitoring patterns in that traffic. Whilst such systems are highly effective against known threats, signature based detection fails when attack vectors are unknown or known attacks are modified to get around such rules [2]. As well as struggling to identify unknown or modified threats, signature based detection in NIDS in real-world scenarios is frequently plagued by false positives. This is particularly problematic in the detection of malicious shellcode – a high impact threat vector allowing attackers to obtain unauthorised command-line access to both conventional computer systems and cyber–physical systems such as smart grid infrastructure – as shellcode patterns can be difficult to distinguish from benign network traffic [3]. For example, while working as a network security consultant for the Shop Direct Group (UK) using the network intrusion detection tools Sguil and Snort from the Debian based Linux distribution Security Onion, it was noticed that signatures designed to match shellcode frequently also matched other non-shellcode binaries, e.g. DLLs, as well as jpg image files. The frequency of these false positives was such that the signatures themselves ultimately had to be disabled, rendering them useless. This experience with the false positive problem with shellcode and signature based systems is very common; Microsoft discuss this at length in their patent of methods to detect malicious shellcode with reduced false positives in memory [3].
Shellcode is frequently used as a payload in system penetration tools due to the enhanced access and further leverage it offers to an attacker [4]. This paper outlines a non-signature based detection mechanism for malicious shellcode based around Artificial Neural Networks. Results presented show that this novel classification approach is capable of detecting shellcode with extremely high accuracy and minimal numbers of false positives. The proposed approach is validated using repeated 10-fold cross-validation and is then tested with respect to creation of false positive alerts on a large dataset of typical network traffic file contents (achieving a false positive rate of less than 2%). The rest of this paper is organised as follows: Section 2 provides a background to intrusion detection systems and artificial neural networks, before Section 3 provides a brief introduction to the particular instances that motivated the creation of this system and the results achieved by the proposed AI based intrusion detection system. Section 4 then concludes with the main achievements of this research and some potential avenues for further work.