Authors: Pedro A. Diaz-Gomez 1 and Dean F. Hougen 2

Affiliations: 1 Ingenieria de Sistemas, Universidad El Bosque, Colombia; 2 Robotics, Evolution, Adaptation and Learning Laboratory (REAL Lab), School of Computer Science, University of Oklahoma, United States

ISBN: 972-8865-19-8

Keyword(s): Genetic Algorithms, Intrusion Detection, Off-Line Intrusion Detection, Misuse Detection.

Related Ontology Subjects/Areas/Topics: Artificial Intelligence and Decision Support Systems; Enterprise Information Systems; Evolutionary Programming

Abstract: One of the primary approaches to the increasingly important problem of computer security is the Intrusion Detection System. Various architectures and approaches have been proposed including: Statistical, rule-based approaches; Neural Networks; Immune Systems; Genetic Algorithms; and Genetic Programming. This paper focuses on the development of an off-line Intrusion Detection System to analyze a Sun audit trail file. Off-line intrusion detection can be accomplished by searching audit trail logs of user activities for matches to patterns of events required for known attacks. Because such search is NP-complete, heuristic methods will need to be employed as databases of events and attacks grow. Genetic Algorithms can provide appropriate heuristic search methods. However, balancing the need to detect all possible attacks found in an audit trail with the need to avoid false positives (warnings of attacks that do not exist) is a challenge, given the scalar fitness values required by Genetic Algorithms. This study discusses a fitness function independent of variable parameters to overcome this problem. This fitness function allows the IDS to significantly reduce both its false positive and false negative rate. This paper also describes extending the system to account for the possibility that intrusions are either mutually exclusive or not mutually exclusive.

CC BY-NC-ND 4.0

Paper citation in several formats:
A. Diaz-Gomez, P. and F. Hougen, D. (2005). IMPROVED OFF-LINE INTRUSION DETECTION USING A GENETIC ALGORITHM. In Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 972-8865-19-8, pages 66-73. DOI: 10.5220/0002553100660073

@conference{iceis05,
author={Pedro {A. Diaz{-}Gomez} and Dean {F. Hougen}},
title={IMPROVED OFF-LINE INTRUSION DETECTION USING A GENETIC ALGORITHM},
booktitle={Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2005},
pages={66-73},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002553100660073},
isbn={972-8865-19-8},
}

TY - CONF

JO - Proceedings of the Seventh International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - IMPROVED OFF-LINE INTRUSION DETECTION USING A GENETIC ALGORITHM
SN - 972-8865-19-8
AU - A. Diaz-Gomez, P.
AU - F. Hougen, D.
PY - 2005
SP - 66
EP - 73
DO - 10.5220/0002553100660073
