Evolving Fuzzy Classifiers for Intrusion Detection

Normal and abnormal behaviors in networked computers are hard to predict because the boundaries between them cannot be well defined. This prediction process may generate false alarms in many anomaly-based intrusion detection systems. With fuzzy logic, however, the false alarm rate in determining intrusive activities can be reduced: a set of fuzzy rules (non-crisp fuzzy classifiers) can be used to define the normal and abnormal behavior in a computer network, and a fuzzy inference algorithm can be applied over such rules to determine when an intrusion is in progress. The main problem with this approach is generating good fuzzy classifiers to detect intrusions. This paper proposes a technique to generate fuzzy classifiers using genetic algorithms that can detect anomalies and some specific intrusions. The main idea is to evolve two rules, one for the normal class and the other for the abnormal class, using a profile data set (a preprocessed DARPA data set is used (1)) with information related to the computer network during normal behavior and during intrusive (abnormal) behavior. This paper exhibits some results and reports the performance of evolved fuzzy classifiers in intrusion detection.
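The approach in the abstract (one fuzzy rule per class, inference by comparing rule truth degrees, rules evolved by a genetic algorithm) can be sketched as follows. This is an added example, not the paper's code: the membership functions, the two attribute names, the GA operators and the constructed records are all assumptions, since the abstract does not give the paper's rule encoding or fitness function.

```python
import random

# Assumed fuzzy sets over attributes normalised to [0, 1]; ANY = attribute unused.
SETS = {
    "LOW":  lambda x: max(0.0, 1.0 - 2.0 * x),
    "MED":  lambda x: max(0.0, 1.0 - abs(2.0 * x - 1.0)),
    "HIGH": lambda x: max(0.0, 2.0 * x - 1.0),
    "ANY":  lambda x: 1.0,
}
NAMES = list(SETS)

def truth(rule, record):
    """Degree to which a record satisfies a rule (fuzzy AND taken as min)."""
    return min(SETS[s](x) for s, x in zip(rule, record))

def classify(normal_rule, abnormal_rule, record):
    """Fuzzy inference: the class whose rule is more true wins; ties go to normal."""
    more_abnormal = truth(abnormal_rule, record) > truth(normal_rule, record)
    return "abnormal" if more_abnormal else "normal"

def fitness(pair, data):
    """Fraction of labelled records the (normal, abnormal) rule pair gets right."""
    return sum(classify(pair[0], pair[1], r) == y for r, y in data) / len(data)

def evolve(data, n_attrs, pop_size=30, generations=40, seed=0):
    """Elitist GA over rule pairs; returns the best pair and its fitness history."""
    rng = random.Random(seed)
    rand_rule = lambda: tuple(rng.choice(NAMES) for _ in range(n_attrs))
    pop = [(rand_rule(), rand_rule()) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=lambda p: fitness(p, data), reverse=True)
        history.append(fitness(pop[0], data))
        parents = pop[: pop_size // 2]           # truncation selection keeps the elite
        children = []
        while len(parents) + len(children) < pop_size:
            a, b = rng.sample(parents, 2)
            genes, other = list(a[0] + a[1]), b[0] + b[1]
            cut = rng.randrange(1, len(genes))   # one-point crossover
            genes[cut:] = other[cut:]
            genes[rng.randrange(len(genes))] = rng.choice(NAMES)  # one-gene mutation
            children.append((tuple(genes[:n_attrs]), tuple(genes[n_attrs:])))
        pop = parents + children
    best = max(pop, key=lambda p: fitness(p, data))
    return best, history + [fitness(best, data)]

# Constructed profile records: (connection rate, failed-login ratio), normalised.
DATA = [((0.10, 0.05), "normal"), ((0.20, 0.10), "normal"), ((0.35, 0.00), "normal"),
        ((0.90, 0.10), "abnormal"), ((0.15, 0.85), "abnormal"), ((0.80, 0.90), "abnormal")]
```

Calling `evolve(DATA, 2)` returns the best rule pair found and the per-generation best fitness; a hand-written pair such as `(("LOW", "LOW"), ("HIGH", "ANY"))` can be scored with `fitness` for comparison.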

[1] D. Dasgupta et al. Mobile security agents for network traffic analysis, 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[2] Wei-Yin Loh et al. A Comparison of Prediction Accuracy, Complexity, and Training Time of Thirty-Three Old and New Classification Algorithms, 2000, Machine Learning.

[3] Eugene H. Spafford et al. An architecture for intrusion detection using autonomous agents, 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[4] Eugene H. Spafford et al. Applying Genetic Programming to Intrusion Detection, 1995.

[5] Graham J. Williams et al. On-line unsupervised outlier detection using finite mixtures with discounting learning algorithms, 2000, KDD '00.

[6] Jonatan Gómez et al. Using Competitive Operators and a Local Selection Scheme in Genetic Search, 2002, GECCO Late Breaking Papers.

[7] Stefan Axelsson et al. Intrusion Detection Systems: A Survey and Taxonomy, 2002.

[8] Stephanie Forrest et al. Intrusion Detection Using Sequences of System Calls, 1998, J. Comput. Secur.

[9] Salvatore J. Stolfo et al. Mining Audit Data to Build Intrusion Detection Models, 1998, KDD.

[10] Graham J. Williams et al. On-Line Unsupervised Outlier Detection Using Finite Mixtures with Discounting Learning Algorithms, 2000, KDD '00.

[11] Arthur B. Maccabe et al. The architecture of a network level intrusion detection system, 1990.

[12] Tom Fawcett et al. Analysis and Visualization of Classifier Performance: Comparison under Imprecise Class and Cost Distributions, 1997, KDD.

[13] Lotfi A. Zadeh et al. Fuzzy Sets, 1996, Inf. Control.

[14] Hisao Ishibuchi et al. Linguistic Rule Extraction by Genetics-Based Machine Learning, 2000, GECCO.

[15] Salvatore J. Stolfo et al. Using artificial anomalies to detect unknown and known network intrusions, 2003, Knowledge and Information Systems.

[16] William L. Fithen et al. State of the Practice of Intrusion Detection Technologies, 2000.

[17] Susan M. Bridges et al. Fuzzy Data Mining and Genetic Algorithms Applied to Intrusion Detection, 2002.

[18] J. Juan Liu et al. An extended genetic rule induction algorithm, 2000, CEC.

[19] Marc Dacier et al. Intrusion detection, 1999, Comput. Networks.

[20] Sushil Jajodia et al. Enhancing Profiles for Anomaly Detection Using Time Granularities, 2002, J. Comput. Secur.

[21] O. Nasraoui et al. Complete expression trees for evolving fuzzy classifier systems with genetic algorithms and application to network intrusion detection, 2002, 2002 Annual Meeting of the North American Fuzzy Information Processing Society Proceedings. NAFIPS-FLINT 2002 (Cat. No. 02TH8622).

[22] Ron Kohavi et al. The Case against Accuracy Estimation for Comparing Induction Algorithms, 1998, ICML.

[23] Alex Alves Freitas et al. Discovering comprehensible classification rules by using Genetic Programming: a case study in a medical domain, 1999, GECCO.