Answer the question
In order to leave comments, you need to log in
What existing IDS (Intrusion Detection Systems) use neural networks?
As far as I understand, most intrusion detection systems use signature or statistical methods. Which IDS fully or partially use neural networks?
And the second sub-question: why are neural networks not so widely used in this area, what are the significant drawbacks?
Answer the question
In order to leave comments, you need to log in
The use of ANNs in IDS is currently more experimental. There are many scientific papers where they try to find appropriate solutions. As for ready-made systems - I don't think that IDS available to the general public will include either neural networks or other ML solutions either today, or tomorrow, or in the future. Closed and corporate systems - quite and they are already slowly available and used. This is because as soon as you make such a decision public, its value drops to zero. This is about the same as opening the scheme of your defense on the battlefield. Add here what is called Adversarial Machine Learning and the development of this direction literally in the last two or three years. Therefore, everyone builds his own defense and keeps its description as the most valuable trade secret.
By the way, some ML modules are even built into Splunk. But precisely as a tool, and not as a solution, i.e. take it, write your own decisions and apply if you want. In addition, from my point of view and according to the information that I have, systems based on statistical and Data Mining approaches today give a much greater chance of getting a positive result and are used much more widely than systems based on the use of neural networks.
There are also problems associated with the complexity of the subject area itself. Finding anomalies in traffic, and even more so in user behavior, turned out to be much more difficult (and - in my opinion - more interesting) than developing half-toy solutions for recommender trading systems, currency quotes prediction systems, or funny but of little use "systems for detecting people without masks" . But less pretentious and fashionable. Therefore, there are not so many posts on blogs and websites on the subject. In addition, the solution in this area cannot be "relied" on one method, as is often the case in other software - which means that they should be more complex and complex, and the specialists working here should have a much broader scientific outlook, specialize in a whole range of Machibe Learning methods, and in addition - it’s also not bad to understand information security as such. Those. nothing can be done from the raid from the word "absolutely", spectacular pictures will not work. This means there is much less noise around.
There are other problems as well. Some of them are well analyzed in one of the latest works (2019) that I came across on this topic, which can be found under the title "Machine Learning in Cyber-Security - Problems, Challenges and Data Sets", the first author is Idan Amit. There is a fundamental absence of training datasets and much more. If you're interested, google it.
However, it cannot be said that there are no books and other scientific information on the subject at all. My personal list of only books on this topic (not about neural networks, but about Machine Learning in CyberSecurity in different aspects) - contains about 25 titles, though in Russian there is only one, not quite new and leaves much to be desired in quality (I will not advertise ). And the number of articles exceeds two hundred, and these are only those that seemed useful to me.
Somehow like this. I'm not sure that I satisfied your curiosity, but I hope that I gave food for independent thought.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question