A software implementation of a genetic algorithm based approach to network intrusion detection

Title: A software implementation of a genetic algorithm based approach to network intrusion detection
Publication Type: Conference Paper
Year of Publication: 2005
Authors: Gong, R. H., M. Zulkernine, and P. Abolmaesumi
Conference Name: Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, 2005 and 1st ACIS International Workshop on Self-Assembling Wireless Networks. SNPD/SAWN 2005. 6th International Conference on
Pagination: 246 - 253
Date Published: May
Keywords: computer networks, genetic algorithms, information assurance, Internet, misuse intrusion detection, network audit data, network intrusion detection, security of data, security threat, software development, software engineering, support-confidence framework
Abstract

With the rapid expansion of Internet in recent years, computer systems are facing increased number of security threats. Despite numerous technological innovations for information assurance, it is still very difficult to protect computer systems. Therefore, unwanted intrusions take place when the actual software systems are running. Different soft computing based approaches have been proposed to detect computer network attacks. This paper presents a genetic algorithm (GA) based approach to network intrusion detection, and the software implementation of the approach. The genetic algorithm is employed to derive a set of classification rules from network audit data, and the support-confidence framework is utilized as fitness function to judge the quality of each rule. The generated rules are then used to detect or classify network intrusions in a real-time environment. Unlike most existing GA-based approaches, because of the simple representation of rules and the effective fitness function, the proposed method is easier to implement while providing the flexibility to either generally detect network intrusions or precisely classify the types of attacks. Experimental results show the achievement of acceptable detection rates based on benchmark DARPA data sets on intrusions, while no other complementary techniques or relevant heuristics are applied.

URL: http://dx.doi.org/10.1109/SNPD-SAWN.2005.9
DOI: 10.1109/SNPD-SAWN.2005.9
