Real-Time Intrusion Prediction Using Hidden Markov Model with Genetic Algorithm

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 324)

Abstract

As the use of the Internet increases, cyber attacks and their severity also increase. Since it is not possible to compromise on security, intrusion detection systems (IDSs) become a critical component in a secure organization. IDSs detect an attack only after it has occurred. When used in a high-traffic network, IDSs produce a large number of alerts, and the false-positive (FP) rate increases with this. In this paper, we propose a framework for predicting future attacks by combining two machine-learning methods: genetic algorithm (GA) and hidden Markov model (HMM). The framework has two major components. The first component uses GA to derive efficient intrusion detection rules and, with them, a precise detection of attacks. The second component uses HMM to predict the next attack class of the attacker. Combining the two gives a good intrusion prediction capability with a reduced FP rate.

Keywords

Intrusion prediction, False positive, Genetic algorithm, Hidden Markov model

Copyright information

© Springer India 2015

Authors and Affiliations

  1. TIFAC CORE in Cyber Security, Amrita Vishwa Vidyapeetham, Coimbatore, India
