14th Annual Computer Security Applications Conference
December 7-11, 1998
Phoenix, Arizona
Abstract
Detecting Anomalous and Unknown Intrusions Against Programs
The ubiquity of the Internet connection to desktops has been both a boon
to business and a cause for concern for the security of digital
assets that may be unknowingly exposed. Firewalls have been the most
commonly deployed solution to secure corporate assets against
intrusions, but firewalls are vulnerable to errors in configuration,
ambiguous security policies, data-driven attacks through allowed
services, and insider attacks. The failure of firewalls to adequately
protect digital assets from computer-based attacks has been a boon to
commercial intrusion detection tools. Two general approaches to detecting
computer security intrusions in real time are misuse detection and
anomaly detection. Misuse detection attempts to detect known attacks
against computer systems. Anomaly detection uses knowledge of users'
normal behavior to detect attempted attacks. The primary advantage of
anomaly detection over misuse detection methods is the ability to
detect novel and unknown intrusions. This paper presents a study in
employing neural networks to detect the existence of anomalous and
unknown intrusions against a software system using the anomaly
detection approach.