Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection
نویسندگان
چکیده
The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. But the presence of simulation artifacts attributes would cause many attacks in this dataset to be easily detected. In order to eliminate their influence on intrusion detection, we simply omit these attributes in the processes of both training and testing. We also present a GP-based rule learning approach for detecting attacks on network. GP is used to evolve new rules from the initial learned rules through genetic operations. Our results show that GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifacts attributes.
منابع مشابه
New scheduling rules for a dynamic flexible flow line problem with sequence-dependent setup times
In the literature, the application of multi-objective dynamic scheduling problem and simple priority rules are widely studied. Although these rules are not efficient enough due to simplicity and lack of general insight, composite dispatching rules have a very suitable performance because they result from experiments. In this paper, a dynamic flexible flow line problem with sequence-dependent se...
متن کاملDetecting New Forms of Network Intrusion Using Genetic Programming
How to find and detect novel or unknown network attacks is one of the most important objectives in current intrusion detection systems. In this paper, a rule evolution approach based on Genetic Programming (GP) for detecting novel attacks on networks is presented and four genetic operators, namely reproduction, mutation, crossover, and dropping condition operators, are used to evolve new rules....
متن کاملIntrusion Detection using Fuzzy Data Mining
With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. The solution is an Intrusion Detection System (IDS) which is used to identify attacks and to react by generating an alert or blocking the unwanted data. For IDS, use of genetic...
متن کاملAssessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
متن کاملApplying Knowledge Discovery in Database Techniques in Modeling Packet Header Anomaly Intrusion Detection Systems
This paper describes packet header anomaly intrusion detection system modeling. The essence of the discussion in this paper is on applying knowledge discovery in database technique to produce expert production rules which is one of the main components of our model which we call as Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection System. PbPHAD is designed to detect the...
متن کامل