Investigation of a Neural Network Implementation of a TCP Packet Anomaly Detection System

2004 
Abstract: We present the design and implementation of an artificial neural network (ANN) system of multi-layer perceptron classifiers to detect suspicious TCP traffic at a single packet level. The advantage of using ANNs for the detection of attacks is that they do not rely only on attack signatures, as many common signature-based IDSs do. Rather, they are capable of learning broader definitions of attack attributes. The use of ANNs in this approach also enhances the processing speed where real-time applications require the processing of substantial amounts of data at high speeds. The ANN model was tested on labelled sets of attack data obtained from the DARPA IDS Evaluation. The model was successful in detecting a variety of attacks, including denial of service attacks, probing activity and other suspicious activity. Future work will examine the application of an ANN to sequences of related packets to detect attacks.