Identification of Anomalous SNMP Situations Using a Cooperative Connectionist Exploratory Projection Pursuit Model

  • Álvaro Herrero
  • Emilio Corchado
  • José Manuel Sáiz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3578)

Abstract

The work presented in this paper shows the capability of a connectionist model, based on a statistical technique called Exploratory Projection Pursuit (EPP), to identify anomalous situations related to the traffic that travels along a computer network. The main novelty of this research resides in the fact that the connectionist architecture used here has never before been applied to the field of IDS (Intrusion Detection Systems) and network security. The IDS presented is used as a method to investigate the traffic travelling along the analysed network, detecting anomalous SNMP (Simple Network Management Protocol) traffic patterns. In this paper we focus on the study of two interesting and dangerous anomalous situations: a port sweep and a MIB (Management Information Base) information transfer. The presented IDS is a useful visualization tool for network administrators to study anomalous situations related to SNMP and to decide whether or not they are intrusions. To show the power of the method, we illustrate our research using real data sets from a specific intrusion detection scenario.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Álvaro Herrero (1)
  • Emilio Corchado (1)
  • José Manuel Sáiz (1)
  1. Department of Civil Engineering, University of Burgos, Spain