An Intelligent Decision Support System for Intrusion Detection and Response

The paper describes the design of a genetic classifier-based intrusion detection system that can provide active detection and automated responses during intrusions. It is designed to be a sense-and-response system that monitors various activities on the network (i.e. it looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors a networked computer's activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system to determine a specific action in case of any security violation. The objective is to find correlations among the deviated (from normal) values of the monitored parameters in order to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of the monitored parameters in a Unix environment, and tested them for validation.
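As an added illustration (not code from the paper), the following Python sketches a Holland-style classifier system of the kind the abstract describes: ternary condition strings over per-level deviation flags map to response actions, the most specific matching rule wins, and a genetic algorithm evolves whole rule sets against labelled samples. The parameter names, the action set and the labelled deviation vectors are constructed assumptions, not data from the paper.

```python
import random
# One monitored parameter per level the abstract names (names assumed); a sample is a
# string of 0/1 flags where 1 means that parameter deviated from its normal profile.
PARAMS = ["user:failed_logins", "system:load", "process:new_root_shell", "packet:port_probes"]
ACTIONS = ["log", "alert_admin", "kill_process", "block_source"]

# Constructed labelled deviation vectors -> intended response (not data from the paper).
SAMPLES = [("0000", "log"), ("0100", "log"), ("1000", "alert_admin"),
           ("1100", "alert_admin"), ("0010", "kill_process"), ("0110", "kill_process"),
           ("0001", "block_source"), ("1001", "block_source"), ("1011", "kill_process")]

def matches(cond, sample):
    """Holland-style ternary condition: '#' is a wildcard for that parameter."""
    return all(c == "#" or c == s for c, s in zip(cond, sample))

def decide(rules, sample):
    """Conflict resolution: the most specific matching rule (fewest '#') wins."""
    hits = [r for r in rules if matches(r[0], sample)]
    return min(hits, key=lambda r: r[0].count("#"))[1] if hits else None

def fitness(rules, samples=SAMPLES):
    return sum(decide(rules, s) == a for s, a in samples) / len(samples)

def random_rule(rng):
    return ("".join(rng.choice("01##") for _ in PARAMS), rng.choice(ACTIONS))

def mutate(rules, rng, rate=0.1):
    out = []
    for cond, act in rules:
        cond = "".join(rng.choice("01#") if rng.random() < rate else c for c in cond)
        out.append((cond, rng.choice(ACTIONS) if rng.random() < rate else act))
    return out

def evolve(samples=SAMPLES, n_rules=6, pop_size=40, generations=60, seed=1):
    """GA over whole rule sets; elitism keeps the best set, so fitness never drops."""
    rng = random.Random(seed)
    fit = lambda rs: fitness(rs, samples)
    pop = [[random_rule(rng) for _ in range(n_rules)] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fit, reverse=True)
        nxt = [pop[0]]                                   # elite survives unchanged
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fit) for _ in range(2))  # tournaments
            cut = rng.randrange(1, n_rules)
            nxt.append(mutate(a[:cut] + b[cut:], rng))   # one-point crossover
        pop = nxt
    return max(pop, key=fit)
if __name__ == "__main__":
    best = evolve()
    print(f"fitness={fitness(best):.2f}", [f"IF {c} THEN {a}" for c, a in best])
```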
