Study of an anomaly-based intrusion detection system: an approach using neural networks

Bibliographic details
Year of defense: 2008
Main author: Sousa, Eusam Pereira de
Advisor: Monteiro, José Augusto Suruagy
Examination committee: Martins, Joberto Sérgio Barbosa; Bertoni, Fabiana Cristina
Document type: Dissertation
Access type: Open access
Language: por
Defense institution: Universidade Salvador
Graduate program: Programa de Pós-Graduação em Sistemas e Computação
Department: Systems and Computing
Country: BR
Keywords in Portuguese:
Keywords in English:
CNPq knowledge area:
Access link: http://teste.tede.unifacs.br:8080/tede/handle/tede/257
Abstract: The probability of attacks occurring in computer networks, and consequently of traffic anomalies emerging, has increased as computer networks have grown more complex. Identifying, analyzing, and treating these anomalies in the shortest possible time has become more important and an essential part of network management. The main goal of an intrusion detection system (IDS) is to achieve a high hit rate and a low false alarm rate. Anomaly-based IDSs use techniques that seek to identify differences by comparing traffic patterns deemed normal with anomalous patterns. Using the generalization ability of neural networks, it was possible to classify the attacks present in the connection record base made available by the International Data Mining Competition KDD Cup 1999, including attacks not yet known to the neural network during its training stage. The results obtained in this work were compared with those of the competition winner to assess the effectiveness of the method. Then, only the connection record characteristics considered relevant were submitted to the neural network, based on the results obtained by Zincir-Heywood et al. (2005), i.e., those features extremely useful for accurately determining the attack class to which a connection record belongs. In this way, the neural network's size was reduced, reducing the attack classification time without compromising its hit rate. Furthermore, with the objective of reducing the neural network's learning and classification times, in order to facilitate the use of this technique in real-time intrusion detection, some heuristics available in the literature were used to improve the neural network's performance.