Due to our increased dependence on Internet and growing number of intrusion incidents, building effective intrusion detection systems are essential for protecting Internet resources and yet it is a great challenge. In...Due to our increased dependence on Internet and growing number of intrusion incidents, building effective intrusion detection systems are essential for protecting Internet resources and yet it is a great challenge. In literature, many researchers utilized Artificial Neural Networks (ANN) in supervised learning based intrusion detection successfully. Here, ANN maps the network traffic into predefined classes i.e. normal or specific attack type based upon training from label dataset. However, for ANN-based IDS, detection rate (DR) and false positive rate (FPR) are still needed to be improved. In this study, we propose an ensemble approach, called MANNE, for ANN-based IDS that evolves ANNs by Multi Objective Genetic algorithm to solve the problem. It helps IDS to achieve high DR, less FPR and in turn high intrusion detection capability. The procedure of MANNE is as follows: firstly, a Pareto front consisting of a set of non-dominated ANN solutions is created using MOGA, which formulates the base classifiers. Subsequently, based upon this pool of non-dominated ANN solutions as base classifiers, another Pareto front consisting of a set of non-dominated ensembles is created which exhibits classification tradeoffs. Finally, prediction aggregation is done to get final ensemble prediction from predictions of base classifiers. Experimental results on the KDD CUP 1999 dataset show that our proposed ensemble approach, MANNE, outperforms ANN trained by Back Propagation and its ensembles using bagging & boosting methods in terms of defined performance metrics. We also compared our approach with other well-known methods such as decision tree and its ensembles using bagging & boosting methods.展开更多
The complexity of cloud environments challenges secure resource management,especially for intrusion detection systems(IDS).Existing strategies struggle to balance efficiency,cost fairness,and threat resilience.This pa...The complexity of cloud environments challenges secure resource management,especially for intrusion detection systems(IDS).Existing strategies struggle to balance efficiency,cost fairness,and threat resilience.This paper proposes an innovative approach to managing cloud resources through the integration of a genetic algorithm(GA)with a“double auction”method.This approach seeks to enhance security and efficiency by aligning buyers and sellers within an intelligent market framework.It guarantees equitable pricing while utilizing resources efficiently and optimizing advantages for all stakeholders.The GA functions as an intelligent search mechanism that identifies optimal combinations of bids from users and suppliers,addressing issues arising from the intricacies of cloud systems.Analyses proved that our method surpasses previous strategies,particularly in terms of price accuracy,speed,and the capacity to manage large-scale activities,critical factors for real-time cybersecurity systems,such as IDS.Our research integrates artificial intelligence-inspired evolutionary algorithms with market-driven methods to develop intelligent resource management systems that are secure,scalable,and adaptable to evolving risks,such as process innovation.展开更多
Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network i...Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network intrusion detection system.Fewer chromosomes with relevant features are used for rule generation. An effective fitness function is used to define the fitness of each rule. Each chromosome will have one or more rules in it. As each chromosome is a complete solution to the problem, fewer chromosomes are sufficient for effective intrusion detection. This reduces the computational time. The proposed approach is tested using Defense Advanced Research Project Agency(DARPA) 1998 data. The experimental results show that the proposed approach is efficient in network intrusion detection.展开更多
Anomaly classification based on network traffic features is an important task to monitor and detect network intrusion attacks.Network-based intrusion detection systems(NIDSs)using machine learning(ML)methods are effec...Anomaly classification based on network traffic features is an important task to monitor and detect network intrusion attacks.Network-based intrusion detection systems(NIDSs)using machine learning(ML)methods are effective tools for protecting network infrastructures and services from unpredictable and unseen attacks.Among several ML methods,random forest(RF)is a robust method that can be used in ML-based network intrusion detection solutions.However,the minimum number of instances for each split and the number of trees in the forest are two key parameters of RF that can affect classification accuracy.Therefore,optimal parameter selection is a real problem in RF-based anomaly classification of intrusion detection systems.In this paper,we propose to use the genetic algorithm(GA)for selecting the appropriate values of these two parameters,optimizing the RF classifier and improving the classification accuracy of normal and abnormal network traffics.To validate the proposed GA-based RF model,a number of experiments is conducted on two public datasets and evaluated using a set of performance evaluation measures.In these experiments,the accuracy result is compared with the accuracies of baseline ML classifiers in the recent works.Experimental results reveal that the proposed model can avert the uncertainty in selection the values of RF’s parameters,improving the accuracy of anomaly classification in NIDSs without incurring excessive time.展开更多
An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a...An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system.To solve the problem, fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data are shown as a model of “normal behaviors”. To detect anomalous behaviors, fuzzy association rules are generated from new audit data and the similarity with sets mined from “normal” data is computed. If the similarity values are lower than a threshold value,an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.展开更多
Intrusion detection is a serious and complex problem.Undoubtedly due to a large number of attacks around the world,the concept of intrusion detection has become very important.This research proposes a multilayer bioin...Intrusion detection is a serious and complex problem.Undoubtedly due to a large number of attacks around the world,the concept of intrusion detection has become very important.This research proposes a multilayer bioinspired feature selection model for intrusion detection using an optimized genetic algorithm.Furthermore,the proposed multilayer model consists of two layers(layers 1 and 2).At layer 1,three algorithms are used for the feature selection.The algorithms used are Particle Swarm Optimization(PSO),Grey Wolf Optimization(GWO),and Firefly Optimization Algorithm(FFA).At the end of layer 1,a priority value will be assigned for each feature set.At layer 2 of the proposed model,the Optimized Genetic Algorithm(GA)is used to select one feature set based on the priority value.Modifications are done on standard GA to perform optimization and to fit the proposed model.The Optimized GA is used in the training phase to assign a priority value for each feature set.Also,the priority values are categorized into three categories:high,medium,and low.Besides,the Optimized GA is used in the testing phase to select a feature set based on its priority.The feature set with a high priority will be given a high priority to be selected.At the end of phase 2,an update for feature set priority may occur based on the selected features priority and the calculated F-Measures.The proposed model can learn and modify feature sets priority,which will be reflected in selecting features.For evaluation purposes,two well-known datasets are used in these experiments.The first dataset is UNSW-NB15,the other dataset is the NSL-KDD.Several evaluation criteria are used,such as precision,recall,and F-Measure.The experiments in this research suggest that the proposed model has a powerful and promising mechanism for the intrusion detection system.展开更多
Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learn...Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of'IF-THEN' rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).展开更多
In this paper, we propose an analogy based immune recognition method that focuses on the implement of the clone selection process and the negative selection process by means of analogy similarity. This method is appli...In this paper, we propose an analogy based immune recognition method that focuses on the implement of the clone selection process and the negative selection process by means of analogy similarity. This method is applied in an IDS (Intrusion Detection System) following several steps. Firstly, the initial abnormal behaviours sample set is optimized through the combining of the AIS (Artificial Immune System) and the genetic algorithm. Then, the abnormity probability algorithm is raised considering the two sides of abnormality and normality. Finally, an intrusion detection system model is established based on the above algorithms and models.展开更多
Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques....Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques. But the randomicity of parameter selection in its implement often prevents it achieving expected performance. By utilizing genetic algorithm (GA) to optimize the parameters in data preprocessing and the training model of SVM simultaneously, a hybrid optimization algorithm is proposed in the paper to address this problem. The experimental results demonstrate that it’s an effective method and can improve the performance of SVM-based intrusion detection system further.展开更多
It's very difficult tha t the traditional intrusion detection methods based on accurate match adapt to the blur and uncertainty of user information and expert knowledge, it results in f...It's very difficult tha t the traditional intrusion detection methods based on accurate match adapt to the blur and uncertainty of user information and expert knowledge, it results in failing to report the variations of attack signature. In addition security itself includes fuzziness, the judgment standard of confidentiality, integrity and availability of system resource is uncertain. In this paper fuzzy intrusion detection based on partial match is presented to detect some types of attacks availably and alleviate some of the difficulties of above approaches, the architecture of fuzzy intrusion detection system(FIDS) is introduced and its performance is analyzed.展开更多
Due to the ever growing number of cyber attacks, especially of the online systems, development and operation of adaptive Intrusion Detection Systems (IDSs) is badly needed so as to protect these systems. It remains as...Due to the ever growing number of cyber attacks, especially of the online systems, development and operation of adaptive Intrusion Detection Systems (IDSs) is badly needed so as to protect these systems. It remains as a goal of paramount importance to achieve and a serious challenge to address. Different selection methods have been developed and implemented in Genetic Algorithms (GAs) to enhance the rate of detection of the IDSs. In this respect, the present study employed the eXtended Classifier System (XCS) for detection of intrusions by matching the incoming environmental message (packet) with a classifiers pool to determine whether the incoming message is a normal request or an intrusion. Fuzzy Clustering by Local Approximation Membership (FLAME) represents the new selection method used in GAs. In this study, Genetic Algorithm with FLAME selection (FGA) was used as a production engine for the XCS. For comparison purposes, different selection methods were compared with FLAME selection and all experiments and evaluations were performed by using the KDD’99 dataset.展开更多
Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attac...Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this work show that the system achieves improvement in terms of misclassification cost when compared with conventional IDS. The results of the experiments show that this system can be deployed based on a real network or database environment for effective prediction of both normal attacks and new attacks.展开更多
The wireless ad-hoc networks are decentralized networks with a dynamic topology that allows for end-to-end communications via multi-hop routing operations with several nodes collaborating themselves,when the destinati...The wireless ad-hoc networks are decentralized networks with a dynamic topology that allows for end-to-end communications via multi-hop routing operations with several nodes collaborating themselves,when the destination and source nodes are not in range of coverage.Because of its wireless type,it has lot of security concerns than an infrastructure networks.Wormhole attacks are one of the most serious security vulnerabilities in the network layers.It is simple to launch,even if there is no prior network experience.Signatures are the sole thing that preventive measures rely on.Intrusion detection systems(IDS)and other reactive measures detect all types of threats.The majority of IDS employ features from various network layers.One issue is calculating a huge layered features set from an ad-hoc network.This research implements genetic algorithm(GA)-based feature reduction intrusion detection approaches to minimize the quantity of wireless feature sets required to identify worm hole attacks.For attack detection,the reduced feature set was put to a fuzzy logic system(FLS).The performance of proposed model was compared with principal component analysis(PCA)and statistical parametric mapping(SPM).Network performance analysis like delay,packet dropping ratio,normalized overhead,packet delivery ratio,average energy consumption,throughput,and control overhead are evaluated and the IDS performance parameters like detection ratio,accuracy,and false alarm rate are evaluated for validation of the proposed model.The proposed model achieves 95.5%in detection ratio with 96.8%accuracy and produces very less false alarm rate(FAR)of 14%when compared with existing techniques.展开更多
针对入侵检测中数据特征维度高的问题,提出了改进粒子群联合禁忌搜索(IPSO-TS)的特征选择算法。采用遗传算子对粒子群算法进行了改进,得到了特征选择初始最优解;对该解进行禁忌搜索(TS)得到了特征子集的全局优化解。基于KDD CUP 99数据...针对入侵检测中数据特征维度高的问题,提出了改进粒子群联合禁忌搜索(IPSO-TS)的特征选择算法。采用遗传算子对粒子群算法进行了改进,得到了特征选择初始最优解;对该解进行禁忌搜索(TS)得到了特征子集的全局优化解。基于KDD CUP 99数据集的实验结果表明,相较遗传算子整合粒子群算法(CMPSO)、粒子群算法(PSO)和粒子群联合禁忌算法,IPSO-TS减少了至少29.2%的特征,缩短了至少15%的平均检测时间,提高了至少2.96%的平均分类准确率。展开更多
文摘Due to our increased dependence on Internet and growing number of intrusion incidents, building effective intrusion detection systems are essential for protecting Internet resources and yet it is a great challenge. In literature, many researchers utilized Artificial Neural Networks (ANN) in supervised learning based intrusion detection successfully. Here, ANN maps the network traffic into predefined classes i.e. normal or specific attack type based upon training from label dataset. However, for ANN-based IDS, detection rate (DR) and false positive rate (FPR) are still needed to be improved. In this study, we propose an ensemble approach, called MANNE, for ANN-based IDS that evolves ANNs by Multi Objective Genetic algorithm to solve the problem. It helps IDS to achieve high DR, less FPR and in turn high intrusion detection capability. The procedure of MANNE is as follows: firstly, a Pareto front consisting of a set of non-dominated ANN solutions is created using MOGA, which formulates the base classifiers. Subsequently, based upon this pool of non-dominated ANN solutions as base classifiers, another Pareto front consisting of a set of non-dominated ensembles is created which exhibits classification tradeoffs. Finally, prediction aggregation is done to get final ensemble prediction from predictions of base classifiers. Experimental results on the KDD CUP 1999 dataset show that our proposed ensemble approach, MANNE, outperforms ANN trained by Back Propagation and its ensembles using bagging & boosting methods in terms of defined performance metrics. We also compared our approach with other well-known methods such as decision tree and its ensembles using bagging & boosting methods.
文摘The complexity of cloud environments challenges secure resource management,especially for intrusion detection systems(IDS).Existing strategies struggle to balance efficiency,cost fairness,and threat resilience.This paper proposes an innovative approach to managing cloud resources through the integration of a genetic algorithm(GA)with a“double auction”method.This approach seeks to enhance security and efficiency by aligning buyers and sellers within an intelligent market framework.It guarantees equitable pricing while utilizing resources efficiently and optimizing advantages for all stakeholders.The GA functions as an intelligent search mechanism that identifies optimal combinations of bids from users and suppliers,addressing issues arising from the intricacies of cloud systems.Analyses proved that our method surpasses previous strategies,particularly in terms of price accuracy,speed,and the capacity to manage large-scale activities,critical factors for real-time cybersecurity systems,such as IDS.Our research integrates artificial intelligence-inspired evolutionary algorithms with market-driven methods to develop intelligent resource management systems that are secure,scalable,and adaptable to evolving risks,such as process innovation.
文摘Genetic algorithm(GA) has received significant attention for the design and implementation of intrusion detection systems. In this paper, it is proposed to use variable length chromosomes(VLCs) in a GA-based network intrusion detection system.Fewer chromosomes with relevant features are used for rule generation. An effective fitness function is used to define the fitness of each rule. Each chromosome will have one or more rules in it. As each chromosome is a complete solution to the problem, fewer chromosomes are sufficient for effective intrusion detection. This reduces the computational time. The proposed approach is tested using Defense Advanced Research Project Agency(DARPA) 1998 data. The experimental results show that the proposed approach is efficient in network intrusion detection.
文摘Anomaly classification based on network traffic features is an important task to monitor and detect network intrusion attacks.Network-based intrusion detection systems(NIDSs)using machine learning(ML)methods are effective tools for protecting network infrastructures and services from unpredictable and unseen attacks.Among several ML methods,random forest(RF)is a robust method that can be used in ML-based network intrusion detection solutions.However,the minimum number of instances for each split and the number of trees in the forest are two key parameters of RF that can affect classification accuracy.Therefore,optimal parameter selection is a real problem in RF-based anomaly classification of intrusion detection systems.In this paper,we propose to use the genetic algorithm(GA)for selecting the appropriate values of these two parameters,optimizing the RF classifier and improving the classification accuracy of normal and abnormal network traffics.To validate the proposed GA-based RF model,a number of experiments is conducted on two public datasets and evaluated using a set of performance evaluation measures.In these experiments,the accuracy result is compared with the accuracies of baseline ML classifiers in the recent works.Experimental results reveal that the proposed model can avert the uncertainty in selection the values of RF’s parameters,improving the accuracy of anomaly classification in NIDSs without incurring excessive time.
文摘An intrusion detection (ID) model is proposed based on the fuzzy data mining method. A major difficulty of anomaly ID is that patterns of the normal behavior change with time. In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system.To solve the problem, fuzzy data mining technique is utilized to extract patterns representing the normal behavior of a network. A set of fuzzy association rules mined from the network data are shown as a model of “normal behaviors”. To detect anomalous behaviors, fuzzy association rules are generated from new audit data and the similarity with sets mined from “normal” data is computed. If the similarity values are lower than a threshold value,an alarm is given. Furthermore, genetic algorithms are used to adjust the fuzzy membership functions and to select an appropriate set of features.
文摘Intrusion detection is a serious and complex problem.Undoubtedly due to a large number of attacks around the world,the concept of intrusion detection has become very important.This research proposes a multilayer bioinspired feature selection model for intrusion detection using an optimized genetic algorithm.Furthermore,the proposed multilayer model consists of two layers(layers 1 and 2).At layer 1,three algorithms are used for the feature selection.The algorithms used are Particle Swarm Optimization(PSO),Grey Wolf Optimization(GWO),and Firefly Optimization Algorithm(FFA).At the end of layer 1,a priority value will be assigned for each feature set.At layer 2 of the proposed model,the Optimized Genetic Algorithm(GA)is used to select one feature set based on the priority value.Modifications are done on standard GA to perform optimization and to fit the proposed model.The Optimized GA is used in the training phase to assign a priority value for each feature set.Also,the priority values are categorized into three categories:high,medium,and low.Besides,the Optimized GA is used in the testing phase to select a feature set based on its priority.The feature set with a high priority will be given a high priority to be selected.At the end of phase 2,an update for feature set priority may occur based on the selected features priority and the calculated F-Measures.The proposed model can learn and modify feature sets priority,which will be reflected in selecting features.For evaluation purposes,two well-known datasets are used in these experiments.The first dataset is UNSW-NB15,the other dataset is the NSL-KDD.Several evaluation criteria are used,such as precision,recall,and F-Measure.The experiments in this research suggest that the proposed model has a powerful and promising mechanism for the intrusion detection system.
文摘Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of'IF-THEN' rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).
基金Supported by the National Natural Science Foundation ofChina (60563002) Scientific Research Programof the Higher EducationInstitution of Xinjiang (XJEDU2004I03)
文摘In this paper, we propose an analogy based immune recognition method that focuses on the implement of the clone selection process and the negative selection process by means of analogy similarity. This method is applied in an IDS (Intrusion Detection System) following several steps. Firstly, the initial abnormal behaviours sample set is optimized through the combining of the AIS (Artificial Immune System) and the genetic algorithm. Then, the abnormity probability algorithm is raised considering the two sides of abnormality and normality. Finally, an intrusion detection system model is established based on the above algorithms and models.
基金This work was supported by the Research Grant of SEC E-Institute :Shanghai High Institution Grid and the Science Foundation ofShanghai Municipal Commission of Science and Technology No.00JC14052
文摘Support vector machine (SVM) technique has recently become a research focus in intrusion detection field for its better generalization performance when given less priori knowledge than other soft-computing techniques. But the randomicity of parameter selection in its implement often prevents it achieving expected performance. By utilizing genetic algorithm (GA) to optimize the parameters in data preprocessing and the training model of SVM simultaneously, a hybrid optimization algorithm is proposed in the paper to address this problem. The experimental results demonstrate that it’s an effective method and can improve the performance of SVM-based intrusion detection system further.
文摘It's very difficult tha t the traditional intrusion detection methods based on accurate match adapt to the blur and uncertainty of user information and expert knowledge, it results in failing to report the variations of attack signature. In addition security itself includes fuzziness, the judgment standard of confidentiality, integrity and availability of system resource is uncertain. In this paper fuzzy intrusion detection based on partial match is presented to detect some types of attacks availably and alleviate some of the difficulties of above approaches, the architecture of fuzzy intrusion detection system(FIDS) is introduced and its performance is analyzed.
文摘Due to the ever growing number of cyber attacks, especially of the online systems, development and operation of adaptive Intrusion Detection Systems (IDSs) is badly needed so as to protect these systems. It remains as a goal of paramount importance to achieve and a serious challenge to address. Different selection methods have been developed and implemented in Genetic Algorithms (GAs) to enhance the rate of detection of the IDSs. In this respect, the present study employed the eXtended Classifier System (XCS) for detection of intrusions by matching the incoming environmental message (packet) with a classifiers pool to determine whether the incoming message is a normal request or an intrusion. Fuzzy Clustering by Local Approximation Membership (FLAME) represents the new selection method used in GAs. In this study, Genetic Algorithm with FLAME selection (FGA) was used as a production engine for the XCS. For comparison purposes, different selection methods were compared with FLAME selection and all experiments and evaluations were performed by using the KDD’99 dataset.
文摘Information systems are one of the most rapidly changing and vulnerable systems, where security is a major issue. The number of security-breaking attempts originating inside organizations is increasing steadily. Attacks made in this way, usually done by "authorized" users of the system, cannot be immediately traced. Because the idea of filtering the traffic at the entrance door, by using firewalls and the like, is not completely successful, the use of intrusion detection systems should be considered to increase the defense capacity of an information system. An intrusion detection system (IDS) is usually working in a dynamically changing environment, which forces continuous tuning of the intrusion detection model, in order to maintain sufficient performance. The manual tuning process required by current IDS depends on the system operators in working out the tuning solution and in integrating it into the detection model. Furthermore, an extensive effort is required to tackle the newly evolving attacks and a deep study is necessary to categorize it into the respective classes. To reduce this dependence, an automatically evolving anomaly IDS using neuro-genetic algorithm is presented. The proposed system automatically tunes the detection model on the fly according to the feedback provided by the system operator when false predictions are encountered. The system has been evaluated using the Knowledge Discovery in Databases Conference (KDD 2009) intrusion detection dataset. Genetic paradigm is employed to choose the predominant features, which reveal the occurrence of intrusions. The neuro-genetic IDS (NGIDS) involves calculation of weightage value for each of the categorical attributes so that data of uniform representation can be processed by the neuro-genetic algorithm. In this system unauthorized invasion of a user are identified and newer types of attacks are sensed and classified respectively by the neuro-genetic algorithm. The experimental results obtained in this work show that the system achieves improvement in terms of misclassification cost when compared with conventional IDS. The results of the experiments show that this system can be deployed based on a real network or database environment for effective prediction of both normal attacks and new attacks.
文摘The wireless ad-hoc networks are decentralized networks with a dynamic topology that allows for end-to-end communications via multi-hop routing operations with several nodes collaborating themselves,when the destination and source nodes are not in range of coverage.Because of its wireless type,it has lot of security concerns than an infrastructure networks.Wormhole attacks are one of the most serious security vulnerabilities in the network layers.It is simple to launch,even if there is no prior network experience.Signatures are the sole thing that preventive measures rely on.Intrusion detection systems(IDS)and other reactive measures detect all types of threats.The majority of IDS employ features from various network layers.One issue is calculating a huge layered features set from an ad-hoc network.This research implements genetic algorithm(GA)-based feature reduction intrusion detection approaches to minimize the quantity of wireless feature sets required to identify worm hole attacks.For attack detection,the reduced feature set was put to a fuzzy logic system(FLS).The performance of proposed model was compared with principal component analysis(PCA)and statistical parametric mapping(SPM).Network performance analysis like delay,packet dropping ratio,normalized overhead,packet delivery ratio,average energy consumption,throughput,and control overhead are evaluated and the IDS performance parameters like detection ratio,accuracy,and false alarm rate are evaluated for validation of the proposed model.The proposed model achieves 95.5%in detection ratio with 96.8%accuracy and produces very less false alarm rate(FAR)of 14%when compared with existing techniques.
文摘针对入侵检测中数据特征维度高的问题,提出了改进粒子群联合禁忌搜索(IPSO-TS)的特征选择算法。采用遗传算子对粒子群算法进行了改进,得到了特征选择初始最优解;对该解进行禁忌搜索(TS)得到了特征子集的全局优化解。基于KDD CUP 99数据集的实验结果表明,相较遗传算子整合粒子群算法(CMPSO)、粒子群算法(PSO)和粒子群联合禁忌算法,IPSO-TS减少了至少29.2%的特征,缩短了至少15%的平均检测时间,提高了至少2.96%的平均分类准确率。
