DOI: 10.5555/645327.649530
Article

Mining TCP/IP Traffic for Network Intrusion Detection by Using a Distributed Genetic Algorithm

Published: 31 May 2000

Abstract

The detection of intrusions over computer networks (i.e., network access by non-authorized users) can be cast as the task of detecting anomalous patterns of network traffic. In this case, models of normal traffic have to be determined and compared against the current network traffic. Data mining systems based on Genetic Algorithms can contribute powerful search techniques for acquiring patterns of network traffic from the large amount of data made available by audit tools.
We compare models of network traffic acquired by a system based on a distributed genetic algorithm with those acquired by a system based on greedy heuristics. We also discuss changes in the representation of the network data and their impact on the performance of the traffic models.
Network data made available by the Information Exploration Shootout project and the 1998 DARPA Intrusion Detection Evaluation have been chosen as the experimental testbed.


Published In

ECML '00: Proceedings of the 11th European Conference on Machine Learning
May 2000
452 pages
ISBN: 3540676023

Publisher

Springer-Verlag, Berlin, Heidelberg
