
4. Further Work

The preliminary results from our experimental feed-forward neural network give a positive indication of the potential offered by this approach, but a significant amount of research remains before it can function as an effective intrusion detection system. A complete system will require the ability to directly receive inputs from a network data stream. The most difficult component of the analysis of network traffic by a neural network is the ability to effectively analyze the information in the data portion of an IP datagram. The various commands that are included in the data often provide the most critical element in the process of determining if an attack is occurring against a network.

The most effective neural network architecture is also an issue that must be addressed. A feed-forward neural network that used a backpropagation algorithm was chosen because of its simplicity and reliability in a variety of applications. However, alternatives such as the self-organizing feature map also possess advantages in misuse detection that may promote their use.

In addition, an effective neural network-based approach to misuse detection must be highly adaptive. Most neural network architectures must be retrained if the system is to be capable of improving its analysis in response to changes in the input patterns (e.g., "new" events are recognized with a consistent probability of being an attack until the network is retrained to improve the recognition of these events). Adaptive resonance theory ([2]) and self-organizing maps ([16]) offer an increased level of adaptability for neural networks, and these approaches are being investigated for possible use in an intrusion detection system.

Finally, regardless of the initial implementation of a neural network-based intrusion detection system for misuse detection, it will be essential for the approach to be thoroughly tested in order to gain acceptance as a viable alternative to expert systems. Work has been conducted on taxonomies for testing intrusion detection systems ([3, 22]) that offer a standardized method of validating new technologies. Because of the questions that are certain to arise from the application of neural networks to intrusion detection, the use of these standardized methods is especially important.