Development of an Evolutionary Framework for Autonomous Rule Creation for Intrusion Detection

A network intrusion detection system (IDS) plays a major role in any security architecture. Many IDSs have been developed to detect the intrusions that occur in real networks; the most widely used is the Snort IDS. Snort is a rule-based system that raises an alert whenever traffic matches one of its rules. Most of the rules stored in the Snort rule database, however, never fire on real network traffic, so rules that detect attacks efficiently have to be created. In this paper we attempt to generate such rules autonomously using an evolutionary approach. The generated rules were tested on the DARPA 1999 and ISCX 2012 datasets and on ICMP network packets, and detected attacks with a high detection rate.
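The evolutionary rule generation the abstract describes can be sketched end to end. What follows is an added example written for this page, not the authors' framework and not Snort's own code: it evolves a small rule set by sequential covering over a constructed, labelled packet set, using a genome of four Snort-visible fields (protocol, destination port, a dsize threshold and a content string), a fitness function that rewards detections, heavily penalises false positives and lightly penalises rule length, and a renderer that emits each surviving genome in Snort rule syntax. The packet set, the genome, the fitness weights, the GA parameters and the 6-to-10-byte substring alphabet for the content gene are all assumptions chosen for the illustration, not taken from the paper.

```python
"""Evolve Snort-style rules from labelled packets by sequential covering.
Added example for this page, not the paper's framework; all data and parameters are assumed."""
import random

# Constructed, labelled packets: (proto, dst_port, payload, is_attack).
PACKETS = [
    ("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n", False),
    ("tcp", 80, b"GET /images/logo.png HTTP/1.1\r\n", False),
    ("udp", 53, b"\x12\x34\x01\x00\x00\x01\x07example\x03com", False),
    ("icmp", 0, b"abcdefghijklmnop" * 2, False),
    ("icmp", 0, b"\x00" * 56, False),
    ("tcp", 80, b"GET /cgi-bin/../../../etc/passwd HTTP/1.0\r\n", True),
    ("tcp", 8080, b"GET /..%2f..%2f..%2fetc/passwd HTTP/1.1\r\n", True),
    ("tcp", 80, b"POST /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd", True),
    ("icmp", 0, b"A" * 1400, True),  # oversized echo payloads
    ("icmp", 0, b"B" * 1472, True),
]

def matches(rule, pkt):
    """One genome applied the way Snort applies header and options: every field must hold."""
    proto, port, payload, _ = pkt
    return (rule["proto"] in ("ip", proto)            # "ip" is Snort's any-protocol header
            and (rule["port"] is None or rule["port"] == port)
            and (rule["dsize"] is None or len(payload) > rule["dsize"])
            and (rule["content"] is None or rule["content"] in payload))

def fitness(rule, packets):
    """True positives, a heavy false-positive penalty, a small penalty per option used."""
    tp = sum(matches(rule, p) for p in packets if p[3])
    fp = sum(matches(rule, p) for p in packets if not p[3])
    return tp - 3 * fp - 0.05 * sum(rule[k] is not None for k in ("port", "dsize", "content"))

def content_candidates(packets):
    """Alphabet for the content gene: every 6..10-byte substring of an attack payload."""
    return sorted({p[2][i:i + n] for p in packets if p[3]
                   for n in range(6, 11) for i in range(len(p[2]) - n + 1)})

# Genetic operators over the rule genome {proto, port, dsize, content}.
def random_rule(rng, contents, ports):
    return {"proto": rng.choice(["tcp", "udp", "icmp", "ip"]), "port": rng.choice(ports + [None]),
            "dsize": rng.choice([None, 64, 128, 256, 512, 1024]), "content": rng.choice(contents + [None])}

def crossover(a, b, rng):
    return {k: rng.choice((a[k], b[k])) for k in a}

def mutate(rule, rng, contents, ports):
    key = rng.choice(list(rule))
    return {**rule, key: random_rule(rng, contents, ports)[key]}

def evolve_rule(packets, rng, pop_size=100, generations=60):
    """Elitist GA: keep the top 20%, refill the population from their children."""
    contents, ports = content_candidates(packets), sorted({p[1] for p in packets})
    pop = [random_rule(rng, contents, ports) for _ in range(pop_size)]
    for _ in range(generations):
        elite = sorted(pop, key=lambda r: fitness(r, packets), reverse=True)[:pop_size // 5]
        pop = list(elite)
        while len(pop) < pop_size:
            child = crossover(*rng.sample(elite, 2), rng)
            pop.append(mutate(child, rng, contents, ports) if rng.random() < 0.5 else child)
    return max(pop, key=lambda r: fitness(r, packets))

def evolve_ruleset(packets, seed=7, max_rules=5):
    """Sequential covering: evolve one rule, drop the attacks it catches, repeat."""
    rng, remaining, rules = random.Random(seed), list(packets), []
    while any(p[3] for p in remaining) and len(rules) < max_rules:
        rule = evolve_rule(remaining, rng)
        covered = [p for p in remaining if p[3] and matches(rule, p)]
        if not covered or any(matches(rule, p) for p in remaining if not p[3]):
            break  # nothing clean found for what is left: stop rather than emit a noisy rule
        rules.append(rule)
        remaining = [p for p in remaining if p not in covered]  # benign packets stay in play
    return rules

def snort_content(data):
    """Snort content string: printable ASCII literal, the rest as |hex| bytes."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E and chr(b) not in '";\\|' else "|%02X|" % b
                   for b in data)

def to_snort(rule, sid):
    """Render a genome as a Snort rule line (local SIDs start at 1000000)."""
    port = "any" if rule["port"] is None or rule["proto"] == "icmp" else rule["port"]
    opts = ['msg:"evolved rule %d"' % sid]
    if rule["content"] is not None:
        opts.append('content:"%s"' % snort_content(rule["content"]))
    if rule["dsize"] is not None:
        opts.append("dsize:>%d" % rule["dsize"])
    return "alert %s any any -> any %s (%s; sid:%d; rev:1;)" % (
        rule["proto"], port, "; ".join(opts), sid)

def evaluate(rules, packets):
    """Detection rate and false-positive count of the whole rule set."""
    hit = [any(matches(r, p) for r in rules) for p in packets]
    tp = sum(h for h, p in zip(hit, packets) if p[3])
    fp = sum(h for h, p in zip(hit, packets) if not p[3])
    return {"detection_rate": tp / sum(p[3] for p in packets), "false_positives": fp}

if __name__ == "__main__":
    rules = evolve_ruleset(PACKETS)
    print("\n".join(to_snort(r, 1000001 + i) for i, r in enumerate(rules)))
    print(evaluate(rules, PACKETS))
```

Seeding the generator makes a run reproducible; on this packet set the search converges on a content rule for the path-traversal requests and a dsize rule for the oversized ICMP echoes, with no false positives on the benign packets. The practitioner's caveat is the one the abstract itself raises: a rule set scored only against the capture it was evolved from fires only on that capture's patterns, so every evolved rule should be re-scored against traffic it was not trained on before it is loaded into a production Snort configuration.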
