Show simple item record

dc.contributor.advisorTuğlular, Tuğkanen
dc.contributor.authorDemiray, Sadettinen
dc.date.accessioned2014-07-22T13:51:14Z
dc.date.available2014-07-22T13:51:14Z
dc.date.issued2005en
dc.identifier.urihttp://hdl.handle.net/11147/3284
dc.descriptionThesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2005en
dc.descriptionIncludes bibliographical references (leaves: 68-69)en
dc.descriptionText in English Abstract: Turkish and Englishen
dc.descriptionxi, 92 leavesen
dc.description.abstractMisuse Intrusion Detection Systems are rule-based systems that search attack patterns in the data source. Detection ability of misuse detectors is limited to known attack patterns; hence unknown attacks may be missed. In addition, writing new signatures for novel attacks can be troublesome and time consuming. Similarly behavior based IDSs suffered from high rates of false alarms. Artificial neural networks have generalization ability, thus they can be used with intrusion detection system in order to identify normal and attack packets without the need of writing rules. We proposed to use neural networks with network-based IDS. To achieve this, system was trained and tested with both normal and malicious network packets. Backpropagation and Levenberg-Marquardt algorithms were used to train neural networks. For each of these training algorithms a 3-layer and a 4-layer MLP network sets were generated. In addition, self-organizing maps were used to classify attack instances. DARPA 1999 Intrusion Detection Evaluation dataset was used for training and testing, but lack of enough attack patterns in evaluation dataset made us to create a testbed to obtain sufficient malicious traffic. After training was completed, trained neural networks were tested against training dataset and test dataset, which is not part of the training dataset. Results of the experiments showed that, none of the trained backpropagation networks could identify attacks in training and/or testing data sets. But results of the Levenberg-Marquardt networks were more promising as nine of the trained Levenberg-Marquardt networks could identify attack and normal network packets in training and test datasets.en
dc.language.isoengen
dc.publisherIzmir Institute of Technologyen
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectNeural networken
dc.subjectBack propagation networksen
dc.subject.lccTK5105.59 .D36 2005en
dc.subject.lcshComputer networks--Security measuresen
dc.titleImproving misuse detection with neural networksen
dc.typemasterThesisen
dc.contributor.departmentIzmir Institute of Technology. Computer Engineeringen
dc.relation.publicationcategoryTezen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record