Authors: Pedro A. Diaz-Gomez (1) and Dean F. Hougen (2)
Affiliations: (1) Ingenieria de Sistemas, Universidad El Bosque, Colombia; (2) Robotics, Evolution, Adaptation and Learning Laboratory (REAL Lab), School of Computer Science, University of Oklahoma, United States
Keyword(s):
Genetic Algorithms, Intrusion Detection, Off-Line Intrusion Detection, Misuse Detection.
Related Ontology Subjects/Areas/Topics: Artificial Intelligence and Decision Support Systems; Enterprise Information Systems; Evolutionary Programming
Abstract:
One of the primary approaches to the increasingly important problem of computer security is the Intrusion Detection System (IDS). Various architectures and approaches have been proposed, including statistical and rule-based approaches, Neural Networks, Immune Systems, Genetic Algorithms, and Genetic Programming. This paper focuses on the development of an off-line Intrusion Detection System that analyzes a Sun audit trail file. Off-line intrusion detection can be accomplished by searching audit trail logs of user activities for matches to the patterns of events required for known attacks. Because this search is NP-complete, heuristic methods will be needed as the databases of events and attacks grow, and Genetic Algorithms can provide appropriate heuristic search methods. However, balancing the need to detect all possible attacks present in an audit trail against the need to avoid false positives (warnings of attacks that did not occur) is a challenge, given the scalar fitness values required by Genetic Algorithms. This study discusses a fitness function independent of variable parameters that overcomes this problem and allows the IDS to significantly reduce both its false positive and false negative rates. This paper also describes extending the system to account for the possibility that intrusions are either mutually exclusive or not mutually exclusive.
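The following Python program is an added worked example, not the authors' code and not the fitness function the paper proposes. It sketches the search the abstract describes: known attacks are represented as the counts of audit events they must generate (an attack-event matrix), a hypothesis is one bit per attack, and a genetic algorithm scores hypotheses against the event counts observed in the audit trail. The event names, attack signatures and audit trail are constructed for the example and are not real Solaris BSM records; the fitness function is one assumed parameter-free choice (coverage of observed events minus the fraction of required events the trail does not contain), written so that both false negatives and false positives lower the score without any weight to tune. An `exclusive` flag shows the mutually-exclusive case from the last sentence of the abstract, and a brute-force scorer gives the ground truth for the toy sizes.

```python
"""Toy off-line misuse detection with a genetic algorithm (added example)."""
import random
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed event vocabulary and attack signatures (assumptions for this
# example, not real audit-trail signatures): each attack lists how many
# events of each type it must have generated in order to have happened.
EVENTS = ["login_fail", "login_ok", "su_fail", "su_ok", "file_write"]
ATTACKS: Dict[str, List[int]] = {
    "password_guess": [4, 1, 0, 0, 0],
    "su_brute":       [0, 0, 3, 1, 0],
    "tamper_log":     [0, 0, 0, 1, 2],
    "noisy_scan":     [6, 0, 0, 0, 0],
    "mixed_probe":    [2, 1, 1, 0, 0],
    "bulk_writer":    [0, 0, 0, 0, 3],
}
NAMES = list(ATTACKS)
AE = [ATTACKS[n] for n in NAMES]  # attack-event matrix, one row per attack

# Constructed audit trail: one event type per token (not a real audit file).
AUDIT_TRAIL = """\
login_fail login_fail login_fail login_fail login_ok
su_fail su_fail su_fail su_ok
su_ok file_write file_write
"""


def observed_counts(trail: str) -> List[int]:
    """Count occurrences of each known event type in the audit trail."""
    c = Counter(trail.split())
    return [c[e] for e in EVENTS]


def required_events(hyp: Sequence[int]) -> List[int]:
    """Events the hypothesized set of attacks would have had to produce."""
    return [sum(AE[a][e] for a in range(len(AE)) if hyp[a])
            for e in range(len(EVENTS))]


def fitness(hyp: Sequence[int], obs: Sequence[int], exclusive: bool = False) -> float:
    """Assumed parameter-free score (not the paper's fitness function).

    explained / total_observed rewards covering the trail (fewer false
    negatives); excess / total_required penalizes hypothesized attacks whose
    events are absent from the trail (false positives). When attacks are
    mutually exclusive, any hypothesis naming more than one is invalid.
    """
    if exclusive and sum(hyp) > 1:
        return -1.0
    req = required_events(hyp)
    total_req, total_obs = sum(req), sum(obs)
    if total_req == 0 or total_obs == 0:
        return 0.0
    explained = sum(min(r, o) for r, o in zip(req, obs))
    excess = sum(max(r - o, 0) for r, o in zip(req, obs))
    return explained / total_obs - excess / total_req


def exhaustive_best(obs: Sequence[int], exclusive: bool = False) -> Tuple[Tuple[int, ...], float]:
    """Ground truth for toy sizes: score every one of the 2^n hypotheses."""
    n = len(AE)
    best = None
    for code in range(1 << n):
        hyp = tuple((code >> i) & 1 for i in range(n))
        f = fitness(hyp, obs, exclusive)
        if best is None or f > best[1]:
            best = (hyp, f)
    return best


def ga_search(obs: Sequence[int], exclusive: bool = False, pop_size: int = 40,
              generations: int = 80, seed: int = 1) -> Tuple[Tuple[int, ...], float]:
    """Generational GA: tournament selection, one-point crossover,
    per-bit mutation and elitism. Returns the best hypothesis and its score."""
    rng = random.Random(seed)
    n = len(AE)
    pop = [tuple(rng.randint(0, 1) for _ in range(n)) for _ in range(pop_size)]

    def score(h: Tuple[int, ...]) -> float:
        return fitness(h, obs, exclusive)

    def tournament() -> Tuple[int, ...]:
        a, b = rng.sample(pop, 2)
        return a if score(a) >= score(b) else b

    best = max(pop, key=score)
    for _ in range(generations):
        new_pop = [best]  # elitism: the incumbent always survives
        while len(new_pop) < pop_size:
            p1, p2 = tournament(), tournament()
            cut = rng.randint(1, n - 1)
            child = list(p1[:cut] + p2[cut:])
            for i in range(n):
                if rng.random() < 1.0 / n:
                    child[i] ^= 1
            new_pop.append(tuple(child))
        pop = new_pop
        cand = max(pop, key=score)
        if score(cand) > score(best):
            best = cand
    return best, score(best)


def detected(hyp: Sequence[int]) -> List[str]:
    """Names of the attacks a hypothesis claims are present in the trail."""
    return [NAMES[i] for i, bit in enumerate(hyp) if bit]


if __name__ == "__main__":
    obs = observed_counts(AUDIT_TRAIL)
    for exclusive in (False, True):
        hyp, f = ga_search(obs, exclusive)
        print(f"exclusive={exclusive}: {detected(hyp)} fitness={f:.3f}")
```

With the constructed data the non-exclusive search should settle on password_guess, su_brute and tamper_log, whose combined signatures account for the trail exactly (score 1.0); noisy_scan and bulk_writer are rejected because they require more login failures or file writes than were logged, which is the false-positive side of the balance. Under the mutually-exclusive assumption only one attack may be reported, so the best the IDS can do is the single signature covering the most observed events (password_guess), and every other event in the trail becomes a false negative the score has to accept.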