A genetic clustering technique for Anomaly-based Intrusion Detection Systems

The security of network resources, computer systems and data has become a major concern with the advent of the internet and the threats that come with it. To ensure a good level of security, Intrusion Detection Systems (IDS) have been widely deployed, and many techniques to detect, identify and classify attacks have been proposed, developed and tested either offline or online. In this paper, we propose a clustering-based detection technique using a genetic algorithm, named Genetic Clustering for Anomaly-based Detection (GC-AD). GC-AD uses a dissimilarity measure to form k clusters. It then applies a genetic process in which each chromosome represents the centroids of the k clusters. A two-stage fitness function is proposed: (i) we introduce a confidence interval to refine the clusters in order to obtain more homogeneous partitions; (ii) we compute and maximize the inter-cluster variance over the generations. The accuracy of our technique is tested on different subsets of the KDD99 dataset. The results are discussed and compared to the k-means clustering algorithm.
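
The genetic process described in the abstract, as an added Python example that is not the authors' implementation. The abstract does not specify the dissimilarity measure, the form of the confidence interval or the genetic operators, so Euclidean distance, a mean + 1.96·std distance cutoff, truncation selection, one-point crossover and Gaussian mutation are all assumptions here, and the data is constructed rather than drawn from KDD99.

```python
import math, random

def assign(points, centroids):
    """Partition points by nearest centroid (Euclidean dissimilarity: an assumption)."""
    clusters = [[] for _ in centroids]
    for p in points:
        nearest = min(range(len(centroids)), key=lambda j: math.dist(p, centroids[j]))
        clusters[nearest].append(p)
    return clusters

def mean(pts):
    return tuple(sum(axis) / len(pts) for axis in zip(*pts))

def refine(cluster, centroid, z=1.96):
    """Stage i (assumed form): drop members farther than mean + z*std from the centroid."""
    if len(cluster) < 3:
        return cluster
    d = [math.dist(p, centroid) for p in cluster]
    mu = sum(d) / len(d)
    sd = math.sqrt(sum((x - mu) ** 2 for x in d) / len(d))
    return [p for p, x in zip(cluster, d) if x <= mu + z * sd]

def fitness(chrom, points):
    """Stage ii: inter-cluster variance of the refined partition."""
    parts = [c for c in (refine(c, m) for c, m in zip(assign(points, chrom), chrom)) if c]
    g = mean([p for c in parts for p in c])
    return sum(len(c) * math.dist(mean(c), g) ** 2 for c in parts) / sum(map(len, parts))

def gc_ad(points, k, pop_size=20, generations=30, seed=0):
    """Evolve chromosomes (each a list of k centroids); the operators are assumptions."""
    rng = random.Random(seed)
    pop = [rng.sample(points, k) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=lambda c: fitness(c, points), reverse=True)
        elite = pop[: pop_size // 2]            # truncation selection with elitism
        pop = list(elite)
        while len(pop) < pop_size:
            a, b = rng.sample(elite, 2)
            cut = rng.randrange(1, k)           # one-point crossover (needs k >= 2)
            child = a[:cut] + b[cut:]
            i = rng.randrange(k)                # Gaussian mutation of one centroid
            child[i] = tuple(x + rng.gauss(0, 0.1) for x in child[i])
            pop.append(child)
    return max(pop, key=lambda c: fitness(c, points))

def constructed_sample(seed=1):
    """Constructed 2-D data (not KDD99): 60 'normal' points, then 15 'anomalous' ones."""
    rng = random.Random(seed)
    return [(rng.gauss(c, 0.3), rng.gauss(c, 0.3)) for c in [0] * 60 + [5] * 15]
```

Calling `assign(points, gc_ad(points, 2))` on the constructed sample returns the partition induced by the fittest chromosome.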
