Evolutionary neural networks for anomaly detection based on the behavior of a program

Sang Jun Han; Sung Bae Cho

doi:10.1109/TSMCB.2005.860136

Evolutionary neural networks for anomaly detection based on the behavior of a program

Sang Jun Han, Sung Bae Cho

College of Computing

Research output: Contribution to journal › Article › peer-review

115 Citations (Scopus)

Abstract

The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.

Original language	English
Pages (from-to)	559-570
Number of pages	12
Journal	IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Volume	36
Issue number	3
DOIs	https://doi.org/10.1109/TSMCB.2005.860136
Publication status	Published - 2006 Jun

Bibliographical note

Funding Information:
Manuscript received August 3, 2004; revised April 4, 2005. This work was supported by the Ubiquitous Autonomic Computing and Network Project, the Ministry of Information and Communication (MIC), 21st Century Frontier R&D Program in Korea. This paper was recommended by Associate Editor Mark J. Embrechts.

All Science Journal Classification (ASJC) codes

Control and Systems Engineering
Software
Information Systems
Human-Computer Interaction
Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/TSMCB.2005.860136

Cite this

@article{ba1747f657da4690a6d99ed9e48c32f3,

title = "Evolutionary neural networks for anomaly detection based on the behavior of a program",

abstract = "The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.",

author = "Han, {Sang Jun} and Cho, {Sung Bae}",

note = "Funding Information: Manuscript received August 3, 2004; revised April 4, 2005. This work was supported by the Ubiquitous Autonomic Computing and Network Project, the Ministry of Information and Communication (MIC), 21st Century Frontier R&D Program in Korea. This paper was recommended by Associate Editor Mark J. Embrechts.",

year = "2006",

month = jun,

doi = "10.1109/TSMCB.2005.860136",

language = "English",

volume = "36",

pages = "559--570",

journal = "IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics",

issn = "1083-4419",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Evolutionary neural networks for anomaly detection based on the behavior of a program

AU - Han, Sang Jun

AU - Cho, Sung Bae

N1 - Funding Information: Manuscript received August 3, 2004; revised April 4, 2005. This work was supported by the Ubiquitous Autonomic Computing and Network Project, the Ministry of Information and Communication (MIC), 21st Century Frontier R&D Program in Korea. This paper was recommended by Associate Editor Mark J. Embrechts.

PY - 2006/6

Y1 - 2006/6

N2 - The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.

AB - The process of learning the behavior of a given program by using machine-learning techniques (based on system-call audit data) is effective to detect intrusions. Rule learning, neural networks, statistics, and hidden Markov models (HMMs) are some of the kinds of representative methods for intrusion detection. Among them, neural networks are known for good performance in learning system-call sequences. In order to apply this knowledge to real-world problems successfully, it is important to determine the structures and weights of these call sequences. However, finding the appropriate structures requires very long time periods because there are no suitable analytical solutions. In this paper, a novel intrusion-detection technique based on evolutionary neural networks (ENNs) is proposed. One advantage of using ENNs is that it takes less time to obtain superior neural networks than when using conventional approaches. This is because they discover the structures and weights of the neural networks simultaneously. Experimental results with the 1999 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation (IDEVAL) data confirm that ENNs are promising tools for intrusion detection.

UR - http://www.scopus.com/inward/record.url?scp=33744529638&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33744529638&partnerID=8YFLogxK

U2 - 10.1109/TSMCB.2005.860136

DO - 10.1109/TSMCB.2005.860136

M3 - Article

C2 - 16761810

AN - SCOPUS:33744529638

SN - 1083-4419

VL - 36

SP - 559

EP - 570

JO - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

JF - IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

IS - 3

ER -

Evolutionary neural networks for anomaly detection based on the behavior of a program

Abstract

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this