2013, The Scientific World Journal
A novel evolutionary approach is proposed for effective intrusion detection based on benchmark datasets. The proposed approach can generate a pool of noninferior individual solutions and ensemble solutions thereof. The generated ensembles can be used to detect the intrusions accurately. For intrusion detection problem, the proposed approach could consider conflicting objectives simultaneously like detection rate of each attack class, error rate, accuracy, diversity, and so forth. The proposed approach can generate a pool of noninferior solutions and ensembles thereof having optimized trade-offs values of multiple conflicting objectives. In this paper, a three-phase approach is proposed to generate solutions to a simple chromosome design in the first phase. In the first phase, a Pareto front of noninferior individual solutions is approximated. In the second phase of the proposed approach, the entire solution set is further refined to determine effective ensemble solutions considerin...
International Journal of Intelligence Science, 2012
Due to our increased dependence on Internet and growing number of intrusion incidents, building effective intrusion detection systems are essential for protecting Internet resources and yet it is a great challenge. In literature, many researchers utilized Artificial Neural Networks (ANN) in supervised learning based intrusion detection successfully. Here, ANN maps the network traffic into predefined classes i.e. normal or specific attack type based upon training from label dataset. However, for ANN-based IDS, detection rate (DR) and false positive rate (FPR) are still needed to be improved. In this study, we propose an ensemble approach, called MANNE, for ANN-based IDS that evolves ANNs by Multi-Objective Genetic Algorithm to solve the problem. It helps IDS to achieve high DR, less FPR and in turn high intrusion detection capability. The procedure of MANNE is as follows: firstly, a Pareto front consisting of a set of non-dominated ANN solutions is created using MOGA, which formulates the base classifiers. Subsequently, based upon this pool of non-dominated ANN solutions as base classifiers, another Pareto front consisting of a set of non-dominated ensembles is created which exhibits classification tradeoffs. Finally, prediction aggregation is done to get final ensemble prediction from predictions of base classifiers. Experimental results on the KDD CUP 1999 dataset show that our proposed ensemble approach, MANNE, outperforms ANN trained by Back Propagation and its ensembles using bagging & boosting methods in terms of defined performance metrics. We also compared our approach with other well-known methods such as decision tree and its ensembles using bagging & boosting methods.
ECAI Workshop on Evolutionary Computation, 2006
Abstract. An architecture for a distributed intrusion detection system is proposed, and a genetic programming algorithm, extended with the ensemble paradigm, to classify malicious or unauthorized network activity is presented. The architecture is based on a distributed hybrid multi-island model that combines the two well known approaches adopted to parallelize genetic programming: the cellular and the island models. Each island contains a subpopulation and a cellular genetic program enhanced with the boosting technique, that ...
2012
With the rapid change and development in the sector of Information Technology and in Network technologies; the value of data and information is also increased. Today lot of valuable data is generated using many computers based application and stored back to the company database. But unfortunately, the threat to the same data is also increasing rapidly. So, development of a proper Intrusion Detection System which provides a right alarm is a hot topic today. There are many areas which helps to build such devices and software applications like Data mining techniques, network protocol system, decision tree, clustering, SNORT, Genetic Algorithm etc. This paper presents a technique of applying evolutionary algorithm i.e. Genetic Algorithm to Intrusion Detection System. It also provides a brief introduction to the parameters and evolution process of a GA and how to implement it in real IDS. Keywords—Data mining, DDOS, Evolutionary algorithm, Genetic Algorithm, Intrusion, IDS, SNORT, Threats
Genetic Programming and Evolvable …, 2010
A distributed data mining algorithm to improve the detection accuracy when classifying malicious or unauthorized network activity is presented. The algorithm is based on genetic programming (GP) extended with the ensemble paradigm. GP ensemble is particularly suitable for distributed intrusion detection because it allows to build a network profile by combining different classifiers that together provide complementary information. The main novelty of the algorithm is that data is distributed across multiple autonomous sites and the learner component acquires useful knowledge from this data in a cooperative way. The network profile is then used to predict abnormal behavior. Experiments on the KDD Cup 1999 Data show the capability of genetic programming in successfully dealing with the problem of intrusion detection on distributed data.
A network intrusion detection system is a tool to monitor and identify intrusions in computer networks. The genetic algorithm is employed to derive a set of classification rules from network audit data. Different data sets are used as audit data. From these data sets only specific features are selected and represented as chromosomes, which represent rules. The weighted sum model, support-confidence framework or reward penalty framework is utilized as fitness function to judge the quality of each rule. Best rule collection or knowledge base improves IDS performance by improving detection rate and reducing false alarm rate. The weighted sum model is generally more helpful for identification of network anomalous behaviors. The support-confidence framework is simply identifying network intrusions or precisely classifying the types of intrusions. The reward penalty technique is used to give reward to the good chromosome and to apply penalty on the bad chromosome. This paper gives a detailed study of research carried out on the fitness function of genetic based intrusion detection systems.
2007
Abstract Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network. This paper proposes the development of an Intrusion Detection Program (IDP) which could detect known attack patterns.
2012
Intrusion Detection systems are increasingly a key part of system defence. Various approaches to Intrusion Detection are currently being used but false alarm rate is higher in those approaches. Network Intrusion Detection involves differentiating the attacks like DOS, U2L, R2L and Probe from the Normal user on the internet. Due to the variety of network behaviors and the rapid development of attack fashions, it’s necessary to develop an efficient model to detect all kinds of attacks. Building an effective IDS is an enormous knowledge engineering task. Characteristics of computational intelligence systems such as adaptation, fault tolerance, high computational speed and error resilience in the face of noisy information fit the requirements of building a good intrusion model. In this paper, we propose a network intrusion detection model based on evolutionary optimization technique called Genetic Network Programming (GNP) with sub attribute utilization mechanism. The proposed model is ...
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations.
2020
Recently, with the technological and digital revolution, the security of data is very crucial as a massive amount of data is generated from various networks. Intrusion Detection System (IDS) has been observed to be perhaps the best solution because of its capability to distinguish between attacks that originate within or outside a corporate network. In this study, the most significant features for enhancing the IDS efficiency and creating a smaller dataset in order to reduce the execution time for detecting attacks are selected from the sizeable network dataset. This research designed an anomaly-based detection, by adopting the modified Cuckoo Search Algorithm (CSA), called Mutation Cuckoo Fuzzy (MCF) for feature selection and Evolutionary Neural Network (ENN) for classification. The proposed search algorithm uses mutation to more accurately examine the search space, to allow candidates to escape local minima. Moreover, the value of the solution is evaluated based on the objective function and the Fuzzy C Means (FCM) clustering method used to provide the best results for the overlapping dataset and create the fuzzy membership search domain which includes all possible compromise solutions. A proposed model has been practically used to the problem of intrusion detection as well as been validated using the NSL-KDD dataset. The experimental results reveal that reducing features by selecting and utilizing the most relevant features can improve execution time and at the same time enhance the efficiency and performance of IDS. INDEX TERMS Intrusion detection systems (IDSs), multilayer perceptron (MLP), multiverse optimization (MVO), cuckoo search algorithm (CSA), feature selection (FS), NSL-KDD dataset.
2015
Clustering techniques play an important role in intrusion detection systems. Clustering groups the network traffic data on the basis of similarity and validates the traffic data. Clustering suffers from the problem of a large number of iterations and loss of data. Nowadays various authors use various optimization techniques for controlling the number of iterations and the selection of seeds. This paper presents a review of intrusion detection techniques for clustering data using the KDDCUP dataset, which includes both normal and abnormal data.
2008
In this paper a network Intrusion Detection System ) is proposed. The analysis engine of the IDS is modeled by the ENN and its ability to predict attacks in a network environment is evaluated. The ENN is trained by a Particle Swarm Optimization (PSO) algorithm using labeled data from the KDD cup `99 competition. The results from the experiments are compared to the results by the same competition and give positive results in the recognition of DoS and Probe attacks.
International journal of engineering research and technology, 2021
The Intrusion Detection System (IDS) plays a significant part in security schemes. Network IDS (NIDS) seems to have a position in the detection of harmful and unauthorized networks and systems among its various forms. The identification of Denial of Service (DoS) and Probe-based threats in most NIDS investigations was reasonably reliable in the literary works. Consequently, in the current Big-Data based Hierarchic-Deep-Learning System (BDHDLS) for multiple datasets, the detection rate of many other threat segments remains weak. Machine Learning has the capabilities to solve such an inaccuracy problem. In this research, an Optimized Genetic Algorithm (OGA) architecture was proposed for generating strongly optimized results for security analysts both in minor and major attack categories. The evolutionary design is developed utilizing the standard Genetic algorithm with optimization of Shift based Reverse-Logic Crossover. In the training process where the best particle in the GA interacts with the poor particle in the internal GA to produce new solutions which improve the detection of mutant threats. This means that the optimization method develops the right guidelines for important groups of attacks. Various tests were carried out over multiple datasets with varying settings. The results indicate that the proposed method is more accurate than many established methods and more effective.
Proceedings of the 2007 GECCO conference companion on Genetic and evolutionary computation - GECCO '07, 2007
Captain, USAF Approved: AFIT/GCS/ENG/07-05 Dedicated to my mother of 63 years who unexpectedly passed away near the completion of this research. You never pushed me to be someone you wanted; rather, you trusted and supported every decision I made for myself. I know you'll be at my graduation-just not in the seat next to me. Abstract Today's predominantly-employed signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus after a potentially successful attack, performing post-mortem analysis on that instance and encoding it into a signature that is stored in its anomaly database. The time required to perform these tasks provides a window of vulnerability to DoD computer systems. Further, because of the current maximum size of an Internet Protocol-based message, the database would have to be able to maintain $256^{65535}$ possible signature combinations. In order to tighten this response cycle within storage constraints, this thesis presents an Artificial Immune System-inspired Multiobjective Evolutionary Algorithm intended to measure the vector of tradeoff solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Modeled in the spirit of the human biological immune system and intended to augment DoD network defense systems, our algorithm generates network traffic detectors that are dispersed throughout the network. These detectors promiscuously monitor network traffic for exact and variant abnormal system events based on only the detector's own data structure and the application domain truth set, responding heuristically. The application domain employed for testing was the MIT-DARPA 1999 intrusion detection data set, composed of 7.2 million packets of notional Air Force Base network traffic.
Results show our proof-of-concept algorithm correctly classifies at best 86.48% of the normal and 99.9% of the abnormal events, attributed to a detector affinity threshold typically between 39-44%. Further, four of the 16 intrusion sequences were classified with a 0% false positive rate. Acknowledgments My first thanks always to my Lord and Savior Jesus Christ for giving me all I have. Proverbs 16:9 states, "A man's heart deviseth his way, but the LORD directeth his steps." It is to my good fortune the LORD decided I should attend AFIT. This knowledge and experience serve a greater purpose I have yet to discover. My sincere thanks and heartfelt appreciation to my thesis advisor, Dr. Gary Lamont for showing me that insight begins with the pedagogical example. I also wish to thank my academic advisor and thesis committee member Dr. Paul Williams, Maj, USAF, for his hours of technical expertise and thesis I first looked at that inspired me to formulate the methodology and mechanics of my core research. Thanks to Dr. Peterson who gave and taught the tools to decipher this research's data sets, saving me hours of analysis. I also wish to thank Lt. Col. Timothy Halloran, USAF, for his software engineering precepts and provided project skeletons that unwittingly became the foundation of my software design, GUI layout and seamless use of XML in data saving and loading.
Due to the wide range application of internet and computer networks, the securing of information is indispensable one. In order to secure the information system more effectively, various distributed intrusion detection has been developed in the literature. In this paper, we utilize the oppositional genetic algorithm for Distributed Network Intrusion Detection utilizing the oppositional set based population selection mechanism. This system is mostly useful for detecting unauthorized & malicious attack in distributed network. Here, Oppositional genetic algorithm (OGA) is utilized in OGA ensemble for learning the intrusion detection behavior of networks. Also, OGA ensemble is adapted for distributed intrusion detection system by creating the network profile which classifies normal and abnormal behavior of network. For experimentation, network profile contains different classifier which uses training data set of KDD Cup 99 to generate intrusion rules. For validation, we utilize the confusion matrix, sensitivity, specificity and accuracy and the results are proved that the proposed OGEdIDS are better for intrusion detection.
With the increasing number of intrusions in systems' and networks' infrastructures, Intrusion Detection Systems (IDS) have become an active area of research to develop reliable and effective solutions to detect and counter them. The use of Evolutionary Algorithms in IDS has proved its maturity over the times. Although most of the research works have been based on the use of genetic algorithms in IDS, this paper presents an approach toward the generation of rules for the identification of anomalous connections using Evolution Strategies. The emphasis is given on how the problem can be modeled into ES primitives and how the fitness of the population can be evaluated in order to find the local optima, therefore resulting in optimal rules that can be used for detecting intrusions in intrusion detection systems.
International Journal of Engineering Research and Technology (IJERT), 2012
https://www.ijert.org/genetic-algorithm-methodology-for-intrusion-detection-system https://www.ijert.org/research/genetic-algorithm-methodology-for-intrusion-detection-system-IJERTV1IS10450.pdf Network security is of primary concern nowadays for large organizations. Various types of Intrusion Detection Systems (IDS) are available in the market like Host based, Network based or Hybrid depending upon the detection technology used by them. Modern IDS have complex requirements. With data integrity, confidentiality and availability, they must be reliable, easy to manage and with low maintenance cost. Various modifications are being applied to IDS regularly to detect new attacks and handle them. In this paper, we are focusing on genetic algorithm (GA) and data mining based Intrusion Detection System.
The paper provides an introduction to the basic concepts of intrusion detection and genetic algorithms. The generic implementation of genetic algorithms using pseudo code is presented. Pseudo code for genetic algorithm based intrusion detection method is also included for clear understanding. The paper also provides an overview of the advantages and disadvantages of genetic algorithms in general, and as applied to intrusion detection in particular. This survey will provide helpful insight into the related literature and implementation of genetic algorithms in intrusion detection systems. It will also be a good source of information for people interested in the genetic algorithms based intrusion detection systems.
2011
Network intrusion detection has remained a field of rigorous research over the past few years. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms, to detect intrusive activities, in a timely manner. Genetic Algorithms have emerged as a powerful domain-independent technique to facilitate searching of the most effective set of rules, to differentiate between normal and anomalous network traffic. The scope of research for developing cutting-edge and effective GA-based intrusion detection systems, has rapidly expanded to keep pace with variant attack types, increasingly witnessed from the adversary class. In this paper, we propose a GA-based technique for effectively identifying network intrusion attempts, and clearly differentiating these from normal network traffic. The performance of the proposed scheme is studied and analyzed on the KDD-99 intrusion benchmark data set. We performed a simulation-based analysis of the proposed scheme, with results strengthening our findings, and providing us directions for future work.
Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication - ICUIMC '13, 2013
Intrusion Detection Systems (IDSs) deal with large amount of data containing irrelevant and redundant features, which leads to slow training and testing processes, heavy computational resources and low detection accuracy. Therefore, the features selection is an important issue in intrusion detection. In this paper, we investigate the use of evolution algorithms for features selection approach in IDS. We compared the performance of three feature selection algorithms: Genetic Algorithms (GAs), Particle Swarm Optimization (PSO) and Differential Evolution (DE) using KDD Cup 1999 dataset. Our results show that DE is clearly and consistently superior compared to GAs and PSO for feature selection problems, both in respect to classification accuracy as well as number of features.
2015
The Internet has become a part of daily life and an essential tool today. Internet has been used as an important component of business models. Therefore, It is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations. Intrusion detection is one of the important security constraints for maintaining the integrity of information. Various approaches have been applied in past that are less effective to curb the menace of intrusion. There are large amount of network traffic captured in terms of number of features and number of record, so it is very difficult to process all the network traffic before making any decision about normal or abnormal. So it is having longer training time and complexity. Thus the purpose is to provide an intrusion detection system (IDS), by modifying the genetic algorithm to network intrusion detection system. As we have applied attribute subset reduction on the basis of Information gai...