An Evolutionary Approach to Generate Fuzzy Anomaly Signatures

This paper describes the generation of fuzzy signatures to detect some cyber attacks. The approach is an enhancement of our previous work, which was based on the principle of negative selection for generating anomaly detectors using genetic algorithms. The present work includes a different genetic representation scheme for evolving efficient fuzzy detectors. To determine the performance of the proposed approach, which is named Evolving Fuzzy Rules Detectors (EFR), experiments were conducted with three different data sets. One data set contains wireless data generated using the network simulator NS2, while the other two data sets are publicly available. The results showed that our approach outperformed the previous techniques.
