X hits on this document

PDF document

Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach - page 1 / 10





1 / 10

Modeling Intrusion Detection Systems Using Linear Genetic Programming Approach

Srinivas Mukkamala, Andrew H. Sung, Ajith Abrham* Department of Computer Science, New Mexico Tech, Socorro, NM 87801

*Department of Computer Science, Oklahoma State University, Tulsa, OK 74106 {srinivas,sung}@cs.nmt.edu, ajith.abraham@ieee.org

Abstract-This paper investigates the suitability of linear genetic programming (LGP) technique to model efficient intrusion detection systems, while comparing its performance with artificial neural networks and support vector machines. Due to increasing incidents of cyber attacks and, building effective intrusion detection systems (IDSs) are essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. We also investigate key feature indentification for building efficient and effective IDSs. Through a variety of comparative experiments, it is found that, with appropriately chosen population size, program size, crossover rate and mutation rate, linear genetic programs could outperform support vector machines and neural networks in terms of detection accuracy. Using key features gives notable performance in terms of detection accuracies. However the difference in accuracy tends to be small in a few cases.

1 Introduction

Since most of the intrusions can be located by examining patterns of user activities and audit records, many IDSs have been built by utilizing the recognized attack and misuse patterns. IDSs are classified, based on their functionality, as misuse detectors and anomaly detectors. Misuse detection systems use well-known attack patterns as the basis for detection [1,2]. Anomaly detection systems make use user profiles as the basis for detection; any deviation from the normal user behavior is considered an intrusion [1,2,3,4]. One of the main problems with IDSs is the overhead, which can become unacceptably high. To analyze system logs, the operating system must keep information regarding all the actions performed, which invariably results in huge amounts of data, requiring disk space and CPU resource. Next, the logs must be processed to convert into a manageable format and then compared with the set of recognized misuse and attack patterns to identify possible security violations. Further, the stored patterns need be continually updated, which would normally involve human expertise. An intelligent, adaptable and cost-effective tool that is capable of (mostly) real-time intrusion detection is the goal of the researchers in IDSs. Various AI techniques have been utilized to automate the intrusion detection process to reduce human intervention; several such techniques include neural networks [3,4,5,6,7], and machine learning [8,11]. Several data mining techniques have been introduced to identify key features or parameters that define intrusions [8,9,10,11,12].

Document info
Document views14
Page views14
Page last viewedSat Oct 22 02:24:20 UTC 2016