Evaluating Sequential Combination of Two Light-Weight Genetic Algorithm based Solutions to Intrusion Detection

In this work we have presented a genetic algorithm approach for classifying normal connections and intrusions. We have created a serial combination of two light-weight genetic algorithm-based intrusion detection systems where each of the systems exhibits certain deficiency. In this way we have managed to mitigate the deficiencies of both of them. The model was verified on KDD99 intrusion detection dataset, generating a solution competitive with the solutions reported by the state-ofthe- art, while using small subset of features from the original set that contains forty one features. The most significant features were identified by deploying principal component analysis and multi expression programming. Furthermore, our system is adaptable since it permits retraining by using new data.

[1]  Gary M. Weiss Mining with rarity: a unifying framework , 2004, SKDD.

[2]  Octavio Nieto-Taladriz,et al.  Improving network security using genetic algorithm approach , 2007, Comput. Electr. Eng..

[3]  Ren Hui Gong,et al.  A software implementation of a genetic algorithm based approach to network intrusion detection , 2005, Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing and First ACIS International Workshop on Self-Assembling Wireless Network.

[4]  Chittur,et al.  Model Generation for an Intrusion Detection System Using Genetic Algorithms , 2001 .

[5]  John H. Holland,et al.  Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence , 1992 .

[6]  Fabio Roli,et al.  Fusion of multiple classifiers for intrusion detection in computer networks , 2003, Pattern Recognit. Lett..

[7]  John McHugh,et al.  Defending Yourself: The Role of Intrusion Detection Systems , 2000, IEEE Software.

[8]  Hervé Debar,et al.  A serial combination of anomaly and misuse IDSes applied to HTTP traffic , 2004, 20th Annual Computer Security Applications Conference.

[9]  Frédéric Cuppens,et al.  Detecting Known and Novel Network Intrusions , 2006, SEC.

[10]  Charles Elkan,et al.  Results of the KDD'99 classifier learning , 2000, SKDD.

[11]  R.K. Cunningham,et al.  Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[12]  Wei Lu,et al.  Detecting New Forms of Network Intrusion Using Genetic Programming , 2004, Comput. Intell..

[13]  John H. Holland,et al.  Adaptation in Natural and Artificial Systems: An Introductory Analysis with Applications to Biology, Control, and Artificial Intelligence , 1992 .

[14]  David E. Goldberg,et al.  Genetic Algorithms in Search Optimization and Machine Learning , 1988 .

[15]  John McHugh,et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.