Accession Number : ADA329518

Title : Detecting Anomalous and Unknown Intrusions against Programs in Real-Time.

Descriptive Note : Final rept. 24 Feb-26 Sep 97

Corporate Author : RELIABLE SOFTWARE TECHNOLOGIES CORP STERLING VA

Personal Author(s) : Ghosh, Anup ; McGraw, Gary ; Wanken, James ; Charron, Frank

PDF Url : ADA329518

Report Date : 25 SEP 1997

Pagination or Media Count : 30

Abstract : This report discusses the research and results discovered under a Phase I SBIR program awarded by DARPA and the U.S. Missile Command, contract number DAAH01-97-C-R095. The main objective of this Phase I research grant is to study the feasibility of using connectionist approaches to detect the existence of anomalous or unknown intrusions against programs in real-time. The research resulted in the development of a prototype that can be used to train a neural network on both normal and anomalous usage and behavior of programs. The prototype was applied to the usage of Web-based applications as well as to the usage and behavior of a system utility program. Initial results demonstrate the viability of this approach to detecting unknown attacks against systems through misuse and anomalous behavior of software programs. In addition to presenting the empirical results, we discuss theoretical issues in the constraints of this approach, as well as the commercial potential we see in this approach. Though many avenues of research, development, and commercialization still exist, the initial results from this Phase I project demonstrate the feasibility of using connectionist networks to detect anomalous usage and behavior in programs.

Descriptors : *SOFTWARE ENGINEERING, *EXPERT SYSTEMS, COMPUTER PROGRAMS, NEURAL NETS, COMMERCE, SECURITY, DEBUGGING(COMPUTERS), INTRUSION DETECTION, MAGNETIC ANOMALY DETECTION.

Subject Categories : Computer Programming and Software
      Computer Systems Management and Standards

Distribution Statement : APPROVED FOR PUBLIC RELEASE