Stefano,

Stefano Zanero wrote:
> I'm currently working around an academic project to evaluate how
> and if neural network (NN) systems can be used as outlier
> detectors on system logs, to spot potential security breaches or
> anomalies.

I had a similar topic for my PhD thesis almost 10 years ago. You should be able to get some information about my work from my SSP'92 and IJCNN'92 papers.

What's never been published about this work is that we did a field trial (the results are in the thesis, and I'll try to make it available online, at least in French, soon). The two salient results were that the approach worked very well for users with a well-defined work profile, and to differentiate root activity between automated tasks and manual intervention. The system would train itself automatically and retrain if necessary. The drawback of the approach was that for a few users with very varying activities, the NN would not converge. In all cases the NN would provide results along with a confidence in these results.

> 3) the chosen approach, for those with experience with neural algorithms, is
> unsupervised learning, but this could change if we feel that supervised
> learning is appropriate and feasible.

I was using a simple recurrent neural network, using backpropagation in a semi-automated way. The NNs were large (several hundred neurons) but the encoding was such that only a few of them were active at a time, hence very fast computation.

Hervé

--
Hervé Debar <mailto:herve.debarat_private>
Tel: +33 (0)2 31 75 92 61
GSM: +33 (0)6 74 09 09 66
France Télécom R&D
Fax: +33 (0)2 31 75 93 13
42 rue des Coutures (-/-) BP 6243 (-/-) F-14066 Caen Cedex 4

This archive was generated by hypermail 2b30 : Mon Jul 29 2002 - 07:51:49 PDT