
An Enhanced Bat Echolocation Approach for Security Audit Trails Analysis Using Manhattan Distance

Recent Developments in Metaheuristics

Part of the book series: Operations Research/Computer Science Interfaces Series ((ORCS,volume 62))

Abstract

The Security Audit Trail Analysis problem consists of detecting predefined attack scenarios in audit trails. Each attack scenario is defined by a number of occurrences of auditable events. This problem is classified as an NP-hard combinatorial optimization problem. In this paper, we propose to use the bat echolocation approach to solve this problem. The proposed approach, named the Enhanced Binary Bat Algorithm (EBBA), is an improvement of the Bat Algorithm (BA). The fitness function is defined as the global attack risks. In order to improve , the fitness function is combined with the Manhattan distance measure. Thus, the intrusion detection process is guided, on the one hand, by the fitness function, which aims to maximize the global attack risks, and, on the other hand, by the Manhattan distance, which attempts to reduce false positives and false negatives. The best solution retained has the smallest Manhattan distance. Experiments show that the use of the Manhattan distance substantially improves the intrusion detection quality. The comparative study proves the effectiveness of the proposed approach in making correct predictions.




Correspondence to Wassila Guendouzi.


© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Guendouzi, W., Boukra, A. (2018). An Enhanced Bat Echolocation Approach for Security Audit Trails Analysis Using Manhattan Distance. In: Amodeo, L., Talbi, EG., Yalaoui, F. (eds) Recent Developments in Metaheuristics. Operations Research/Computer Science Interfaces Series, vol 62. Springer, Cham. https://doi.org/10.1007/978-3-319-58253-5_28
