2007
Abstract Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network. This paper proposes the development of an Intrusion Detection Program (IDP) which could detect known attack patterns.
The Scientific World Journal, 2013
A novel evolutionary approach is proposed for effective intrusion detection based on benchmark datasets. The proposed approach can generate a pool of noninferior individual solutions and ensemble solutions thereof. The generated ensembles can be used to detect the intrusions accurately. For intrusion detection problem, the proposed approach could consider conflicting objectives simultaneously like detection rate of each attack class, error rate, accuracy, diversity, and so forth. The proposed approach can generate a pool of noninferior solutions and ensembles thereof having optimized trade-offs values of multiple conflicting objectives. In this paper, a three-phase approach is proposed to generate solutions to a simple chromosome design in the first phase. In the first phase, a Pareto front of noninferior individual solutions is approximated. In the second phase of the proposed approach, the entire solution set is further refined to determine effective ensemble solutions considerin...
With the increasing number of intrusions in systems' and networks' infrastructures, Intrusion Detection Systems (IDS) have become an active area of research to develop reliable and effective solutions to detect and counter them. The use of Evolutionary Algorithms in IDS has proved its maturity over the times. Although most of the research works have been based on the use of genetic algorithms in IDS, this paper presents an approach toward the generation of rules for the identification of anomalous connections using Evolution Strategies. The emphasis is given on how the problem can be modeled into ES primitives and how the fitness of the population can be evaluated in order to find the local optima, therefore resulting in optimal rules that can be used for detecting intrusions in intrusion detection systems.
Information Management & Computer Security
Recently cyber security has emerged as an established discipline for computer systems and infrastructures with a focus on protection of valuable information stored on those systems from adversaries who want to obtain, corrupt, damage, destroy or prohibit access to it. Several information security techniques are available today to protect information systems against unauthorized use, duplication, alteration, destruction and virus attacks. An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. This article presents some of the challenges in designing efficient intrusion detection systems which could provide high accuracy, low false alarm rate and reduced number of features. Finally, we present how some of the computational intelligence paradigms could be used in designing intrusion detection systems in a distributed environment.
Proceedings of the 2007 GECCO conference companion on Genetic and evolutionary computation - GECCO '07, 2007
Captain, USAF Approved: AFIT/GCS/ENG/07-05 Dedicated to my mother of 63 years who unexpectedly passed away near the completion of this research. You never pushed me to be someone you wanted; rather, you trusted and supported every decision I made for myself. I know you'll be at my graduation-just not in the seat next to me. iv AFIT/GCS/ENG/07-05 Abstract Today's predominantly-employed signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus after a potentially successful attack, performing post-mortem analysis on that instance and encoding it into a signature that is stored in its anomaly database. The time required to perform these tasks provides a window of vulnerability to DoD computer systems. Further, because of the current maximum size of an Internet Protocol-based message, the database would have to be able to maintain 256^65535 possible signature combinations. In order to tighten this response cycle within storage constraints, this thesis presents an Artificial Immune System-inspired Multiobjective Evolutionary Algorithm intended to measure the vector of tradeoff solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Modeled in the spirit of the human biological immune system and intended to augment DoD network defense systems, our algorithm generates network traffic detectors that are dispersed throughout the network. These detectors promiscuously monitor network traffic for exact and variant abnormal system events based on only the detector's own data structure and the application domain truth set, responding heuristically. The application domain employed for testing was the MIT-DARPA 1999 intrusion detection data set, composed of 7.2 million packets of notional Air Force Base network traffic.
Results show our proof-of-concept algorithm correctly classifies at best 86.48% of the normal and 99.9% of the abnormal events, attributed to a detector affinity threshold typically between 39-44%. Further, four of the 16 intrusion sequences were classified with a 0% false positive rate. v Acknowledgments My first thanks always to my Lord and Savior Jesus Christ for giving me all I have. Proverbs 16:9 states, "A man's heart deviseth his way, but the LORD directeth his steps." It is to my good fortune the LORD decided I should attend AFIT. This knowledge and experience serve a greater purpose I have yet to discover. My sincere thanks and heartfelt appreciation to my thesis advisor, Dr. Gary Lamont for showing me that insight begins with the pedagogical example. I also wish to thank my academic advisor and thesis committee member Dr. Paul Williams, Maj, USAF, for his hours of technical expertise and thesis I first looked at that inspired me to formulate the methodology and mechanics of my core research. Thanks to Dr. Peterson who gave and taught the tools to decipher this research's data sets, saving me hours of analysis. I also wish to thank Lt. Col. Timothy Halloran, USAF, for his software engineering precepts and provided project skeletons that unwittingly became the foundation of my software design, GUI layout and seamless use of XML in data saving and loading.
2005
We have developed a realistic agent-based simulation model of hacker behavior. In the model, hacker scripts are generated using a simple but powerful "hacker grammar" that has the potential to cover all possible hacker scripts. The model can be used to characterize the evidence generated by any hacker script, including new scripts that appear every day, and to train inexperienced investigators and incident handlers how to deal with a compromised system and look for evidence. The model can also be used in order to design sophisticated artificial intelligence techniques to automate intrusion detection and evidence collection. Finally, we summarize an extension of this work in which an evolutionary algorithm was used to evolve scripts that achieve certain goals without being detected.
Indonesian Journal of Electrical Engineering and Computer Science
Internet connection nowadays has become one of the essential requirements to execute our daily activities effectively. Among the major applications of wide Internet connections is local area network (LAN) which connects all internet-enabled devices in a small-scale area such as office building, computer lab etc. This connection will allow legit user to access the resources of the network anywhere as long as authorization is acquired. However, this might be seen as opportunities for some people to illegally access the network. Hence, the occurrence of network hacking and privacy breach. Therefore, it is very vital for a computer network administrator to install a very protective and effective method to detect any network intrusion and, secondly to protect the network from illegal access that can compromise the security of the resources in the network. These resources include sensitive and confidential information that could jeopardise someone’s life or sovereignty of a country if man...
International Conference on Aerospace Sciences & Aviation Technology, 2009
The purpose of the work described in this paper is to provide an intrusion detection system (IDS), by applying genetic algorithm (GA) to network intrusion detection system. Parameters and evolution process for GA are discussed in detail and implemented. This approach uses information theory to filter the traffic data and thus reduce the complexity. We use a linear structure rule to classify the network behaviors into normal and abnormal behaviors. This approach applied to the KDD99 benchmark dataset and obtained high detection rate up to 99.87% as well as low false positive rate 0.003%. Finally the results of this approach compared with available machine learning techniques.
Journal of Financial Crime, 1998
The basic standard of detect of intrusion is based on the assumption that intrusive activities are noticeably different from normal ones and thus are detectable. In past surveys, the capability of fuzzy systems to solve different kinds of problems confirmed. New attacks are emerging every day, detect of intrusion systems play a basic role in identifying possible attacks to the system, and give proper responses. Evolutionary Fuzzy System with the learning capability of Evolutionary Algorithms hybridizes the approximate reasoning method of fuzzy systems. Propose of this paper is to demonstrate the ability of Evolutionary Fuzzy to deal with detect of intrusion classification problem as a new real-world application area. The Evolutionary Fuzzy System would be capable of extracting accurate fuzzy classification in computer network rules to detect normal and intrusive behaviors from network traffic data and applies them. The experimental results were performed with detect of intrusion benchmark dataset which has information on computer networks, and intrusive behaviors during normal. Results of our model have been compared with several famous detect of intrusion systems.
IAEME, 2019
Abstract Intrusion Detection System (IDS) is meant to be a software application which monitors the network or system activities and finds if any malicious operations take place. Tremendous growth and practice of internet raises concerns about how to protect and communicate the digital data in a safe manner. Nowadays, hackers use different types of attacks for getting the valuable information. Many intrusion detection techniques, methods and algorithms assist to identify these attacks. The main objective of this paper is to provide a complete study about the description of intrusion detection, history, life cycle, types of intrusion detection methods, types of attacks, different tools and techniques, research needs, tasks and applications.
2012
With the rapid change and development in the sector of Information Technology and in Network technologies; the value of data and information is also increased. Today lot of valuable data is generated using many computers based application and stored back to the company database. But unfortunately, the threat to the same data is also increasing rapidly. So, development of a proper Intrusion Detection System which provides a right alarm is a hot topic today. There are many areas which helps to build such devices and software applications like Data mining techniques, network protocol system, decision tree, clustering, SNORT, Genetic Algorithm etc. This paper presents a technique of applying evolutionary algorithm i.e. Genetic Algorithm to Intrusion Detection System. It also provides a brief introduction to the parameters and evolution process of a GA and how to implement it in real IDS. Keywords—Data mining, DDOS, Evolutionary algorithm, Genetic Algorithm, Intrusion, IDS, SNORT, Threats
2009 International Multiconference on Computer Science and Information Technology, 2009
A novel approach based on applying a modern metaheuristic Gene Expression Programming (GEP) to detecting web application attacks is presented in the paper. This class of attacks relates to malicious activity of an intruder against applications, which use a database for storing data. The application uses SQL to retrieve data from the database and web server mechanisms to put them in a web browser. A poor implementation allows an attacker to modify SQL statements originally developed by a programmer, which leads to stealing or modifying data to which the attacker has not privileges. While the attack consists in modification of SQL queries sent to the database, they are the only one source of information used for detecting attacks. Intrusion detection problem is transformed into classification problem, which the objective is to classify SQL queries between either normal or malicious queries. GEP is used to find a function used for classification of SQL queries. Experimental results are presented on the basis of SQL queries of different length. The findings show that the efficiency of detecting SQL statements representing attacks depends on the length of SQL statements. Additionally we studied the impact of classification threshold on the obtained results.
International Journal of Engineering Research and Technology (IJERT), 2012
https://www.ijert.org/genetic-algorithm-methodology-for-intrusion-detection-system https://www.ijert.org/research/genetic-algorithm-methodology-for-intrusion-detection-system-IJERTV1IS10450.pdf Network security is of primary concern nowadays for large organizations. Various types of Intrusion Detection Systems (IDS) are available in the market like Host based, Network based or Hybrid depending upon the detection technology used by them. Modern IDS have complex requirements. With data integrity, confidentiality and availability, they must be reliable, easy to manage and with low maintenance cost. Various modifications are being applied to IDS regularly to detect new attacks and handle them. In this paper, we are focusing on genetic algorithm (GA) and data mining based Intrusion Detection System.
1995
Abstract This paper presents a potential solution to the intrusion detection problem in computer security. It uses a combination of work in the fields of Artificial Life and computer security. It shows how an intrusion detection system can be implemented using autonomous agents, and how these agents can be built using Genetic Programming. It also shows how Automatically Defined Functions (ADFs) can be used to evolve genetic programs that contain multiple data types and yet retain type-safety.
2012
Intrusion Detection systems are increasingly a key part of system defence. Various approaches to Intrusion Detection are currently being used but false alarm rate is higher in those approaches. Network Intrusion Detection involves differentiating the attacks like DOS, U2L, R2L and Probe from the Normal user on the internet. Due to the variety of network behaviors and the rapid development of attack fashions, it’s necessary to develop an efficient model to detect all kinds of attacks. Building an effective IDS is an enormous knowledge engineering task. Characteristics of computational intelligence systems such as adaptation, fault tolerance, high computational speed and error resilience in the face of noisy information fit the requirements of building a good intrusion model. In this paper, we propose a network intrusion detection model based on evolutionary optimization technique called Genetic Network Programming (GNP) with sub attribute utilization mechanism. The proposed model is ...
International Journal of Network Security & Its Applications, 2012
Nowadays it is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations. But secured data communication over internet and any other network is always under threat of intrusions and misuses. So Intrusion Detection Systems have become a needful component in terms of computer and network security. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not completely flawless. So, the quest of betterment continues. In this progression, here we present an Intrusion Detection System (IDS), by applying genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for GA are discussed in details and implemented. This approach uses evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained reasonable detection rate.
IAEME PUBLICATION, 2019
This paper exhibits a general diagram of hereditary methodology interruption discovery frameworks and the strategies utilized in these frameworks, giving brief purposes of the structure standards and the significant patterns. In this paper, we will concentrate on the hereditary calculation strategy and how it could be utilized in interruption location frameworks giving a few instances of frameworks and analyses proposed in this field. At that point utilized a man-made brainpower procedures are broadly utilized here, for example, hereditary calculations.
2014
With the development of information technologies, the amount of vulnerabilities and threats to various data processing systems is increasing, therefore specialized means of security are required to ensure their normal operation and to prevent intrusions, and a promising area that is actively developing in the field of information security is the detection of cyber attacks and the prevention of intrusions in information systems from the unauthorized side. In order to detect network intrusions there are used modern methods, models, tools and complex technical solutions for intrusion detection and prevention systems, which can remain effective when new or modified types of cyber threats appear. Therefore, there was conducted a generalized analysis of the intrusion detection systems software based on a certain basic set of characteristics («Cyber Attack Class», «Adaptability», «Detection Methods», «System Control», «Scalability», «Observation Level», «Reaction to Cyber Attack», «Security» and «Operating System Support»). It will give certain opportunities for choosing such tools and for developing the most effective security mechanisms during cyber attacks.
International Journal of Computer Network and Information Security, 2014
Networking has become the most integral part of our cyber society. Everyone wants to connect themselves with each other. With the advancement of network technology, we find this most vulnerable to breach and take information and once information reaches to the wrong hands it can do terrible things. During recent years, number of attacks on networks have been increased which drew the attention of many researchers on this field. There have been many researches on intrusion detection lately. Many methods have been devised which are really very useful but they can only detect the attacks which already took place. These methods will always fail whenever there is a foreign attack which is not famous or which is new to the networking world. In order to detect new intrusions in the network, researchers have devised artificial intelligence technique for Intrusion detection prevention system. In this paper we are going to cover what types evolutionary techniques have been devised and their significance and modification.
The paper provides an introduction to the basic concepts of intrusion detection and genetic algorithms. The generic implementation of genetic algorithms using pseudo code is presented. Pseudo code for genetic algorithm based intrusion detection method is also included for clear understanding. The paper also provides an overview of the advantages and disadvantages of genetic algorithms in general, and as applied to intrusion detection in particular. This survey will provide helpful insight into the related literature and implementation of genetic algorithms in intrusion detection systems. It will also be a good source of information for people interested in the genetic algorithms based intrusion detection systems.