Abstract not found

Intrusion Detection systems (IDSs) have previously been built by hand. These systems have difficulty successfully classifying intruders, and require a significant amount of computational overhead making it difficult to create robust real-time IDS systems. Artificial Intelligence techniques can reduce the human effort required to build these systems and can improve their performance. Learning and induction are used to improve the performance of search problems, while clustering has been used for data analysis and reduction. AI has recently been used in Intrusion Detection (ID) for anomaly detection, data reduction and induction, or discovery, of rules explaining audit data. We survey uses of artificial intelligence methods in ID, and present an example using feature selection to improve the classification of network connections. The network connection classification problem is related to ID since intruders can create "private" communications services undetectable by normal means. We als...

In this paper we discuss the approach of using a personal security assistant for interacting with mobile agents visiting your computer. Current agent security approaches are often based on trust in an external authority who guarantees that the agent is correct#benign or that your local resources have all been assigned correct access-restrictions. We argue that a more rewarding security policy is to grant the visiting agent access to resources on the assumption that it will do useful work for you and behave as expected. Not disqualifying agents from doing useful work for you on the grounds that you have no previous experience from them facilitates the introduction of new agents into the market since trusting the sender is less crucial. The paper contains a discussion on the security approach taken in most of todays agent systems and how security is enforced byIntrusion Detection Systems. We give a rationale for using an interactivePersonal Security Assistant as an aid for detecting malicious agents visiting enduser agentenvironments and sketch the architecture and design criteria of such an assistant. We discuss how malicious programs could be identi #ed and mention some preliminary experiments with Java-applets. # Submitted to NEW SECURITY PARADIGMS '96 Workshop, Lake Arrowhead, CA, September 16-19, 1996. This work was supported by a grant from NUTEK, the Swedish National Board for Industrial and Technical Development. 1 1

Real world classification applications usually have many features. This increases the complexity of the classification task. Choosing a subset of the features may increase accuracy and reduce complexity of the acquired knowledge. We present a new feature subset selection method by using sorted feature relevance. We tested the new method on real world and artificial datasets and compared its results with existing methods. We showed that the new method chooses good subsets by searching fewer states than the existing methods. In the new method, we first sort the features according to their relevance and test the subsets formed by the most relevant features to find a starting subset for searching the subset space. We show that this technique speeds up the search considerably for most of the problem domains.

Neural Networks are very successful in acquiring hidden knowledge in datasets. Their most important weakness is that the knowledge they acquire is represented in a form not understandable to humans. Understandability problem of Neural Networks can be solved by extracting Decision Rules or Decision Trees from the trained network. There are several Decision Rule extraction methods and Mark Craven's TREPAN which extracts MofN type Decision Trees from trained networks. We introduced new splitting techniques for extracting classical Decision Trees from trained Neural Networks. We showed that the new method (DecText) is effective in extracting high fidelity trees from trained networks. We also introduced a new discretization technique to make DecText be able to handle continuous features and a new pruning technique for finding simplest tree with the highest fidelity.