An Intelligent Decision Support System for Intrusion Detection and Response

  • Conference paper
Information Assurance in Computer Networks (MMM-ACNS 2001)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2052)

Abstract

The paper describes the design of a genetic classifier-based intrusion detection system, which can provide active detection and automated responses during intrusions. It is designed to be a sense-and-response system that can monitor various activities on the network (i.e., it looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors a networked computer's activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system to determine a specific action in case of any security violation. The objective is to find correlations among the deviated values (from normal) of monitored parameters to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of monitored parameters in a Unix environment, and tested them for validation.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dasgupta, D., Gonzalez, F.A. (2001). An Intelligent Decision Support System for Intrusion Detection and Response. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_1

  • DOI: https://doi.org/10.1007/3-540-45116-1_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42103-0

  • Online ISBN: 978-3-540-45116-7

  • eBook Packages: Springer Book Archive
