A Pareto-based multi-objective evolutionary algorithm for automatic rule generation in network intrusion detection systems

Attacks against computer systems are becoming more complex, making it necessary to continually improve security systems such as intrusion detection systems, which protect computer systems by distinguishing hostile from non-hostile activity. Intrusion detection systems are usually classified into two main categories according to whether they are based on misuse (signature-based) detection or on anomaly detection. With the aim of minimizing the number of wrong decisions, a new Pareto-based multi-objective evolutionary algorithm is used to optimize the automatic rule generation of a signature-based intrusion detection system (IDS). This optimizer, included within a network IDS, has been evaluated using a benchmark dataset and real traffic of a Spanish university. The results obtained in this real application show the advantages of using this multi-objective approach.
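As an added illustration of the Pareto idea behind the abstract (not the paper's own algorithm, rule format or data), the sketch below scores candidate signature rules on a constructed, labelled traffic sample by two objectives, false positives and false negatives, and keeps the non-dominated set instead of the single winner a weighted score would pick. The `Rule` shape, the sample events and the weights are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """A minimal signature: optional destination port and optional payload substring (assumed format)."""
    name: str
    dst_port: Optional[int]   # None = match any port
    content: Optional[str]    # None = no payload check

# Constructed, labelled traffic sample (not from the paper's datasets): (dst_port, payload, is_attack)
TRAFFIC = [
    (80,   "GET /index.html",               False),
    (80,   "GET /cgi-bin/../../etc/passwd", True),
    (80,   "GET /cgi-bin/status",           False),
    (8080, "GET /admin/../../etc/shadow",   True),
    (22,   "SSH-2.0-OpenSSH",               False),
    (80,   "GET /docs/../index.html",       False),
]

CANDIDATES = [
    Rule("traversal", None, "../"),       # catches both attacks, one benign hit
    Rule("passwd",    None, "passwd"),    # no benign hits, misses one attack
    Rule("cgi-bin",   None, "/cgi-bin/"), # one benign hit and one miss
    Rule("all-http",  80,   None),        # alerts on every port-80 packet
]

def matches(rule: Rule, port: int, payload: str) -> bool:
    return (rule.dst_port is None or rule.dst_port == port) and \
           (rule.content is None or rule.content in payload)

def objectives(rule: Rule, traffic) -> tuple[int, int]:
    """Two objectives to minimise: (false positives, false negatives) over labelled traffic."""
    fp = sum(1 for port, data, attack in traffic if matches(rule, port, data) and not attack)
    fn = sum(1 for port, data, attack in traffic if attack and not matches(rule, port, data))
    return fp, fn

def dominates(a: tuple[int, int], b: tuple[int, int]) -> bool:
    """Pareto dominance: a is no worse than b in every objective and strictly better in one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))

def pareto_front(rules, traffic) -> list:
    """Non-dominated candidates: every genuine FP/FN trade-off survives for the operator to choose."""
    score = {r: objectives(r, traffic) for r in rules}
    return [r for r in rules
            if not any(dominates(score[o], score[r]) for o in rules if o is not r)]

def weighted_best(rules, traffic, w_fp: float, w_fn: float) -> Rule:
    """Single-objective baseline: one weighted score, so the chosen rule flips with the weights."""
    return min(rules, key=lambda r: w_fp * objectives(r, traffic)[0] + w_fn * objectives(r, traffic)[1])
```

Running `pareto_front(CANDIDATES, TRAFFIC)` keeps both `traversal` (1 FP, 0 FN) and `passwd` (0 FP, 1 FN), while `weighted_best` returns one or the other depending on how the two error types are weighted.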
