A Cache Oblivious based GA Solution for Clustering Problem in IDS

In this paper we present an efficient solution for eliminating false positives in intrusion detection systems using a parallelized version of the genetic algorithm. The genetic algorithm uses selection, mutation and crossover operations to eliminate most of the false positives in a reasonable time. Almost all existing versions are sequential and do not exploit the capabilities of newer multiprocessors or distributed systems. By parallelizing the genetic operations in the context of intrusion detection systems we reduce the total complexity. This parallelized approach gives a better solution than the sequential one by taking advantage of the parallel architecture. We propose the use of a cache-oblivious technique in our algorithm to provide efficient memory transfers. The complexity of this algorithm is $O\left(\frac{N}{B}\log_{M/B}\frac{N^{1/3}}{3} + N^{1/3}\right)$ (in the usual cache-oblivious notation: $N$ elements, cache size $M$, block size $B$), which is much lower than that of other sorting algorithms.
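The abstract names the three genetic operators but gives no concrete instance of how a chromosome, a fitness function or the operators look when the individuals are clusterings of IDS alerts. The following is an added example written for this page; it is not the paper's code, and it does not implement the cache-oblivious memory layout or the parallel architecture the paper proposes. The sample alerts, the field-overlap similarity, the fitness function and the threshold `SIM_THRESHOLD` are assumptions of this example. Each gene is the cluster id of one alert, so selection, crossover and mutation operate on partitions of the alert set. The `map_fn` parameter is the one hook for parallelism: fitness evaluation is independent per individual, so `ProcessPoolExecutor(...).map` can be passed in place of the built-in `map` without changing the algorithm.

```python
"""Genetic-algorithm clustering of IDS alerts (illustrative example, not the paper's code)."""
import random
from functools import partial
from typing import Callable, Iterable, List, Sequence, Tuple

Alert = Tuple[str, int, str]  # (source ip, destination port, signature name)

# Constructed sample alerts (assumption of this example): two natural groups
# whose members differ only in source IP.
SAMPLE_ALERTS: List[Alert] = [
    ("10.0.0.1", 80, "WEB-MISC /etc/passwd access"),
    ("10.0.0.2", 80, "WEB-MISC /etc/passwd access"),
    ("10.0.0.3", 80, "WEB-MISC /etc/passwd access"),
    ("192.168.5.7", 22, "SSH brute force"),
    ("192.168.5.8", 22, "SSH brute force"),
    ("192.168.5.9", 22, "SSH brute force"),
]

# Assumed threshold: co-clustered pairs sharing fewer than 1.5 fields are penalised.
SIM_THRESHOLD = 1.5


def similarity(a: Alert, b: Alert) -> int:
    """Number of attributes (ip, port, signature) the two alerts share: 0..3."""
    return sum(1 for x, y in zip(a, b) if x == y)


def fitness(chrom: Sequence[int], alerts: Sequence[Alert]) -> float:
    """Reward co-clustering similar alerts and penalise co-clustering dissimilar ones.

    chrom[i] is the cluster id assigned to alerts[i]; higher is better.
    """
    score = 0.0
    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            if chrom[i] == chrom[j]:
                score += similarity(alerts[i], alerts[j]) - SIM_THRESHOLD
    return score


def tournament(pop: List[List[int]], fits: List[float], rng: random.Random, size: int = 3) -> List[int]:
    """Selection: return the fittest of `size` randomly drawn individuals."""
    contenders = rng.sample(range(len(pop)), size)
    return pop[max(contenders, key=lambda idx: fits[idx])]


def crossover(p1: List[int], p2: List[int], rng: random.Random) -> List[int]:
    """One-point crossover: prefix of p1, suffix of p2."""
    cut = rng.randrange(1, len(p1))
    return p1[:cut] + p2[cut:]


def mutate(chrom: List[int], k: int, rng: random.Random, rate: float = 0.1) -> List[int]:
    """Reassign each gene to a random cluster with probability `rate`."""
    return [rng.randrange(k) if rng.random() < rate else g for g in chrom]


def evolve(alerts: Sequence[Alert], k: int = 2, pop_size: int = 20, generations: int = 60,
           seed: int = 1, map_fn: Callable[..., Iterable[float]] = map) -> Tuple[List[int], float]:
    """Run the GA and return (best chromosome, its fitness).

    map_fn evaluates fitness over the population; pass ProcessPoolExecutor.map
    to evaluate individuals in parallel (partial of a module-level function pickles).
    """
    rng = random.Random(seed)
    pop = [[rng.randrange(k) for _ in alerts] for _ in range(pop_size)]
    best: List[int] = []
    best_fit = float("-inf")
    for _ in range(generations):
        fits = list(map_fn(partial(fitness, alerts=alerts), pop))
        gen_best = max(range(pop_size), key=fits.__getitem__)
        if fits[gen_best] > best_fit:
            best, best_fit = list(pop[gen_best]), fits[gen_best]
        next_pop = [list(best)]  # elitism: the best partition found so far survives
        while len(next_pop) < pop_size:
            child = crossover(tournament(pop, fits, rng), tournament(pop, fits, rng), rng)
            next_pop.append(mutate(child, k, rng))
        pop = next_pop
    return best, best_fit


def clusters_of(chrom: Sequence[int], alerts: Sequence[Alert]) -> List[List[Alert]]:
    """Group alerts by assigned cluster id, clusters ordered by first appearance."""
    groups: dict = {}
    for label, alert in zip(chrom, alerts):
        groups.setdefault(label, []).append(alert)
    return list(groups.values())


if __name__ == "__main__":
    best_chrom, best_score = evolve(SAMPLE_ALERTS)
    print("fitness", best_score)
    for cluster in clusters_of(best_chrom, SAMPLE_ALERTS):
        print(len(cluster), "alerts:", cluster[0][2])
```

On the constructed input the optimum is the two-cluster partition by signature (fitness 3.0: six within-group pairs at 0.5 each), and any cross-group co-clustering costs 1.5 per pair, so the GA converges to it quickly. An analyst then reviews two cluster summaries instead of six alerts, which is the handling-efficiency gain that alarm clustering is meant to deliver.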
