An evolutionary approach to generate fuzzy anomaly (attack) signatures

We describe the generation of fuzzy signatures to detect some cyber attacks. This approach is an enhancement to our previous work, which was based on the principle of negative selection for generating anomaly detectors using genetic algorithms. The present work includes a different genetic representation scheme for evolving efficient fuzzy detectors. To determine the performance of the proposed approach, which is named Evolving Fuzzy Rule Detectors (EFR), experiments were conducted with three different data sets. One data set contains wireless data, generated using network simulator (NS2) while the other two data sets are publicly available (from Lincoln Lab). Results exhibited that the proposed approach outperformed the previous techniques.

[1]  Fabio A. González,et al.  An immunity-based technique to characterize intrusions in computer networks , 2002, IEEE Trans. Evol. Comput..

[2]  D. Dasgupta,et al.  Combining negative selection and classification techniques for anomaly detection , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[3]  Ralph R. Martin,et al.  A Sequential Niche Technique for Multimodal Function Optimization , 1993, Evolutionary Computation.

[4]  Fabio A. González,et al.  An Imunogenetic Technique To Detect Anomalies In Network Traffic , 2002, GECCO.

[5]  D. Dasgupta Artificial Immune Systems and Their Applications , 1998, Springer Berlin Heidelberg.

[6]  Samir W. Mahfoud Crowding and Preselection Revisited , 1992, PPSN.

[7]  Jeffrey O. Kephart,et al.  A biologically inspired immune system for computers , 1994 .

[8]  Jonatan Gómez,et al.  Evolving Fuzzy Classifiers for Intrusion Detection , 2002 .

[9]  Salvatore J. Stolfo,et al.  Using artificial anomalies to detect unknown and known network intrusions , 2003, Knowledge and Information Systems.

[10]  Alan S. Perelson,et al.  Self-nonself discrimination in a computer , 1994, Proceedings of 1994 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  C. A. Coello Coello,et al.  A parallel implementation of an artificial immune system to handle constraints in genetic algorithms: preliminary results , 2002, Proceedings of the 2002 Congress on Evolutionary Computation. CEC'02 (Cat. No.02TH8600).

[12]  A.M. Tyrell,et al.  Computer know thy self!: a biological way to look at fault-tolerance , 1999, Proceedings 25th EUROMICRO Conference. Informatics: Theory and Practice for the New Millennium.

[13]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[14]  Ron Kohavi,et al.  The Case against Accuracy Estimation for Comparing Induction Algorithms , 1998, ICML.

[15]  Gregg H. Gunsch,et al.  An artificial immune system architecture for computer security applications , 2002, IEEE Trans. Evol. Comput..

[16]  D. Dasgupta,et al.  A MORE BIOLOGICALLY MOTIVATED GENETIC ALGORITHM: THE MODEL AND SOME RESULTS , 1994 .

[17]  Dipankar Dasgupta,et al.  An Anomaly Entection Algorithm Inspired by the Immune Syste , 1999 .

[18]  Fabio A. González,et al.  An immuno-fuzzy approach to anomaly detection , 2003, The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03..