Intrusion Detection With Neural Networks (1998)
Jake Ryan, Meng-Jang Lin, and Risto Miikkulainen
With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. Methods of intrusion detection based on hand-coded rule sets or predicting commands on-line are laborous to build or not very reliable. This paper proposes a new way of applying neural networks to detect intrusions. We believe that a user leaves a 'print' when using the system; a neural network can be used to learn this print and identify each user much like detectives use thumbprints to place people at crime scenes. If a user's behavior does not match his/her print, the system administrator can be alerted of a possible security breech. A backpropagation neural network called NNID (Neural Network Intrusion Detector) was trained in the identification task and tested experimentally on a system of 10 users. The system was 96% accurate in detecting unusual activity, with 7% false alarm rate. These results suggest that learning user profiles is an effective way for detecting intrusions.
In Advances in Neural Information Processing Systems 10, Michael I. Jordan and Michael J. Kearns and Sara A. Solla (Eds.), pp. 943-949 1998. Cambridge, MA: MIT Press.

Risto Miikkulainen Faculty risto [at] cs utexas edu
Jake Ryan Undergraduate Alumni