With the expansion of Internet and its importance, the types and number of the attacks have also grown making intrusion detection an increasingly important technique. In this work we have realized a misuse detection system based on genetic algorithm (GA) approach. For evolving and testing new rules for intrusion detection the KDD99Cup training and testing dataset were used. To be able to proces...

'Logging User Actions in Relational Mode' (LUARM) is an open source audit engine for Linux. It provides a near real-time snapshot of a number of user action data such as file access, program execution and network endpoint user activities, all organized in easily searchable relational tables. LUARM attempts to solve two fundamental problems of the insider IT misuse domain. The first concerns the...

The objective of this is to develop a Fuzzy aided Application layer Semantic Intrusion Detection System (FASIDS) which works in the application layer of the network stack. FASIDS consist of semantic IDS and Fuzzy based IDS. Rule based IDS looks for the specific pattern which is defined as malicious. A non-intrusive regular pattern can be malicious if it occurs several times with a short time in...

This report considers the application of Artificial Intelligence (AI) techniques to the problem of misuse detection within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, case based reasoning, pattern matching, clustering and feature extraction, artificial neural networks, genetic algorithms, artificial immune systems, agent ...

A Generic Architecture for Insider Misuse Monitoring in I T Systems Aung Htike Phyo BSc (Hons) Intrusion Detection Systems (IDS) have been widely deployed within many organisations' IT nenvorks to delect network penetration attacks by outsiders and privilege escalation attacks by insiders. However, traditional IDS are ineffective for detecting o f abuse o f legitimate privileges by authorised u...

Cryptographic systems are the most widely used techniques for information security. These systems however have their own pitfalls as they rely on prevention as their sole means of defense. That is why most of the organizations are attracted to the intrusion detection systems. The intrusion detection systems can be broadly categorized into two types, Anomaly and Misuse Detection systems. An anom...

This paper describes an expert system development toolset called the Production-Based Expert System Toolset (P-BEST) and how it is employed in the development of a modern generic signature-analysis engine for computer and network misuse detection. For more than a decade, earlier versions of P-BEST have been used in intrusion detection research and in the development of some of the most wellknow...

The notion of Computer Policy is fundamental to the study of computer security models, the analysis of computer vulnerabilities, the development of intrusion detection tools, and the development of misuse detection tools. Security only makes sense in relation to security policies that specify what is being protected, how it must be protected, who has access to what is being protected, etc. Poli...

As the computer environment changes significantly, several mechanisms such as firewall are developed and intrusion detection system (IDS) is the representative among them. However, because many IDSs are modeled and evaluated with known intrusion patterns, they have inertia not to detect the intrusions which are unknown or transformed. In this paper, we propose an IGA-based method to generate th...