The Application Of Neural Networks to UNIX Computer Security

Abstract

Computer security can be divided into two distinct areas, preventive security and the detection of security violations. Of the two, a greater degree of research and emphasis has been applied to prevention, while detection has been relatively overlooked. This is a costly oversight as preventive measures are never infallible. To date the detection of intruder violation on computer systems is a field heavily dominated by expert systems. However, the major drawbacks attributed to these systems including their heavy demand on system resources and their poor handling of the dynamic nature of user behaviour [10, 11], have made their use infeasible. In practice, the effectiveness of intruder detection is heavily reliant upon the skills of the presiding system administrators and their knowledge of the behaviour of their users. The present study approaches the problem from a pattern recognition point of view, where a neural network is used to capture user behaviour patterns. It proposes that neural networks are not only capable of outperforming its heavier expert systems counterparts but in many ways better suits the demands and dynamic nature of the problem. In exploiting the strengths of neural networks in recognition, classification and generalisation this research illustrates the effectiveness of the neural network contribution to the application of intruder detection. 1