Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection
The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. However, the simulation-artifact attributes present in this data set make many of its attacks trivially easy to detect. To eliminate their influence on intrusion detection, we simply omit these attributes during both training and testing. We also present a GP-based rule learning approach for detecting attacks on networks: GP evolves new rules from the initial learned rules through genetic operations. Our results show that the GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation-artifact attributes.
Keywords: False Alarm, Intrusion Detection, Network Traffic, Anomaly Detection, Intrusion Detection System
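The abstract describes two ideas: seeding a genetic programming run with simple learned rules and evolving them by genetic operations, and stripping simulation-artifact attributes so that rules cannot key on them. The toy implementation below is an added example, not code from the paper or from the DARPA evaluation. It uses a small constructed set of connection records (the attribute names, the `ttl` and `ip_id` artifacts, the rule representation as a conjunction of conditions, and the false-alarm budget of 5 are all assumptions made for this illustration). It scores rules by attacks detected subject to a false-alarm budget, the same kind of "detections at N false alarms" figure the abstract reports, and runs once with the artifact attributes present and once with them removed.

```python
"""Toy GP rule evolution with and without simulation-artifact attributes (constructed example)."""
import random
from collections import Counter

ARTIFACT_ATTRS = ("ttl", "ip_id")   # assumed stand-ins for simulation artifacts
ATTRS = ("dst_port", "src_bytes", "flag", "count", "ttl", "ip_id")
FA_PENALTY = 1000                   # any rule over the false-alarm budget loses to any rule under it


def make_dataset(n_normal=400, n_attack=40, seed=1):
    """Constructed connection records as (attributes, label), label 1 = attack."""
    rng = random.Random(seed)
    data = []
    for _ in range(n_normal):
        data.append(({"dst_port": rng.choice((22, 25, 80, 80, 443)),
                      "src_bytes": rng.randint(100, 5000),
                      "flag": "SF" if rng.random() < 0.97 else "REJ",
                      "count": rng.randint(1, 8),
                      "ttl": 64,                               # simulated real hosts
                      "ip_id": rng.randint(1, 65535)}, 0))
    for i in range(n_attack):
        data.append(({"dst_port": rng.randint(1, 65535),
                      "src_bytes": rng.randint(0, 400),
                      "flag": "S0" if i % 10 < 7 else "REJ",   # 28 half-open probes, 12 rejected
                      "count": rng.randint(3, 40),
                      "ttl": 126,                              # artifact: attack host always has this TTL
                      "ip_id": 0}, 1))                         # artifact: crafted packets carry IP ID 0
    rng.shuffle(data)
    return data


def strip_artifacts(data):
    """Drop the artifact attributes before training and testing, as the abstract proposes."""
    return [({k: v for k, v in rec.items() if k not in ARTIFACT_ATTRS}, y) for rec, y in data]


def cond_holds(cond, rec):
    attr, op, val = cond
    x = rec[attr]
    return x == val if op == "==" else (x > val if op == ">" else x < val)


def rule_matches(rule, rec):
    """A rule is a conjunction of (attr, op, value) conditions; a matching record is flagged."""
    return all(cond_holds(c, rec) for c in rule)


def evaluate(rule, data):
    """Return (attacks detected, false alarms) for one rule."""
    det = sum(1 for rec, y in data if y == 1 and rule_matches(rule, rec))
    fa = sum(1 for rec, y in data if y == 0 and rule_matches(rule, rec))
    return det, fa


def fitness(rule, data, fa_budget):
    det, fa = evaluate(rule, data)
    return det - FA_PENALTY * max(0, fa - fa_budget) - 0.1 * len(rule)


def seed_rules(data, attrs):
    """The 'initial learned rules': per attribute, equality with the most common attack
    value, plus lower/upper bounds of the attack values for numeric attributes."""
    attacks = [rec for rec, y in data if y == 1]
    rules = []
    for attr in attrs:
        vals = [rec[attr] for rec in attacks]
        rules.append(((attr, "==", Counter(vals).most_common(1)[0][0]),))
        if isinstance(vals[0], int):
            rules.append(((attr, ">", min(vals) - 1),))
            rules.append(((attr, "<", max(vals) + 1),))
    return rules


def mutate(rule, rng, seeds):
    rule = list(rule)
    r = rng.random()
    if r < 0.3 and len(rule) < 4:
        rule.append(rng.choice(seeds)[0])               # borrow a condition from a seed rule
    elif r < 0.5 and len(rule) > 1:
        rule.pop(rng.randrange(len(rule)))
    else:
        i = rng.randrange(len(rule))
        attr, op, val = rule[i]
        if isinstance(val, int):                        # nudge a numeric threshold / operator
            op = rng.choice((op, ">", "<"))
            val = max(0, val + rng.randint(-5, 5))
        rule[i] = (attr, op, val)
    return tuple(rule)


def crossover(a, b, rng):
    child = a[:rng.randint(0, len(a))] + b[rng.randint(0, len(b)):]
    return child if child else a


def evolve(data, attrs, fa_budget=5, pop_size=30, generations=20, seed=1):
    rng = random.Random(seed)
    seeds = seed_rules(data, attrs)
    pop = list(seeds) + [rng.choice(seeds) for _ in range(pop_size - len(seeds))]
    cache = {}

    def fit(r):
        if r not in cache:
            cache[r] = fitness(r, data, fa_budget)
        return cache[r]

    def tourney():
        return max(rng.sample(pop, 3), key=fit)

    for _ in range(generations):
        new = [max(pop, key=fit)]                       # elitism: best rule survives unchanged
        while len(new) < pop_size:
            child = crossover(tourney(), tourney(), rng) if rng.random() < 0.6 else tourney()
            if rng.random() < 0.4:
                child = mutate(child, rng, seeds)
            new.append(child)
        pop = new
    return max(pop, key=fit)


def run_experiment(seed=1):
    """Evolve once with the artifact attributes present and once with them stripped."""
    data = make_dataset(seed=seed)
    clean = strip_artifacts(data)
    clean_attrs = tuple(a for a in ATTRS if a not in ARTIFACT_ATTRS)
    with_art = evolve(data, ATTRS, seed=seed)
    without_art = evolve(clean, clean_attrs, seed=seed)
    return {"with_artifacts": (with_art, evaluate(with_art, data)),
            "without_artifacts": (without_art, evaluate(without_art, clean))}


if __name__ == "__main__":
    for name, (rule, (det, fa)) in run_experiment().items():
        print(f"{name}: {rule} -> {det}/40 attacks detected, {fa} false alarms")
```

With the artifacts present the run cannot do better than the seed rule `ttl == 126`, which detects every attack with no false alarms; that is exactly the inflated result the abstract warns about. With `ttl` and `ip_id` removed, the seed rule `flag == "S0"` covers only the 28 half-open probes, and any improvement the GP finds has to come from genuine traffic attributes such as `count` or `src_bytes`.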