As malicious intrusions (commonly termed " hacks ") into computer systems have become a growing problem, the need for accurately detecting these intrusions has risen. This paper presents a novel approach to detecting these intrusions by using a complex artificial intelligence method known as a genetic algorithm applied to an Intrusion Detection System. For this experiment, a genetic algorithm was written to learn how to detect malicious intrusions and separate them from normal use. The algorithm was then tested in a real-world simulation to gauge its effectiveness under unpredictable conditions. Abstract This experiment analyzed the effectiveness of a genetic algorithm applied to the detection of computer intrusions and malicious computer behavior. The use of genetic algorithms to detect malicious computer behavior is a novel approach to the computer network intrusion detection problem presented in designing an Intrusion Detection System. A genetic algorithm is a method of artificial intelligence problem-solving based on the theory of Darwinian evolution applied to mathematical models. The genetic algorithm designed for this experiment promoted a high detection rate of malicious behavior and a low false positive rate of normal behavior classified as malicious. The genetic algorithm was given " training data " from which an empirical model of malicious computer behavior was generated. This model was then tested over previously unseen data to gauge its real-world performance. The results presented show that the genetic algorithm was successfully able to generate an accurate empirical behavioral model from training data and then able to successfully apply this empirical knowledge to data never seen before. The final model produced had an overall accuracy level of 97.8%, which showed both a high detection rate and an extremely low false positive rate. From these results, it was concluded that genetic algorithms are a viable method for empirical model generation for computer intrusion detection. Genetic algorithms are now a possible alternative for the detection of malicious intrusions.
[1]
John R. Koza,et al.
Genetic programming - on the programming of computers by means of natural selection
,
1993,
Complex adaptive systems.
[2]
Eugene H. Spafford,et al.
Applying Genetic Programming to Intrusion Detection
,
1995
.
[3]
Salvatore J. Stolfo,et al.
Mining Audit Data to Build Intrusion Detection Models
,
1998,
KDD.
[4]
Terran Lane,et al.
Filtering Techniques for Rapid User Classification
,
1998
.
[5]
Sara Matzner,et al.
An application of machine learning to network intrusion detection
,
1999,
Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).
[6]
John J. Grefenstette,et al.
Evolutionary Algorithms for Reinforcement Learning
,
1999,
J. Artif. Intell. Res..
[7]
Salvatore J. Stolfo,et al.
Cost-based modeling for fraud and intrusion detection: results from the JAM project
,
2000,
Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.
[8]
Richard Lippmann,et al.
The 1999 DARPA off-line intrusion detection evaluation
,
2000,
Comput. Networks.
[9]
Salvatore J. Stolfo,et al.
Adaptive Model Generation for Intrusion Detection Systems
,
2000
.
[10]
Salvatore J. Stolfo,et al.
Modeling system calls for intrusion detection with dynamic window sizes
,
2001,
Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.
[11]
Salvatore J. Stolfo,et al.
Real time data mining-based intrusion detection
,
2001,
Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.