Abstract
The paper describes the design of a genetic classifier-based intrusion detection system, which can provide active detection and automated responses during intrusions. It is designed to be a sense and response system that can monitor various activities on the network (i.e., it looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors a networked computer's activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system to determine a specific action in case of any security violation. The objective is to find correlations among the deviated values (from normal) of monitored parameters to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of monitored parameters in a Unix environment, and tested them for validation.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dasgupta, D., Gonzalez, F.A. (2001). An Intelligent Decision Support System for Intrusion Detection and Response. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds) Information Assurance in Computer Networks. MMM-ACNS 2001. Lecture Notes in Computer Science, vol 2052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45116-1_1
DOI: https://doi.org/10.1007/3-540-45116-1_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42103-0
Online ISBN: 978-3-540-45116-7
eBook Packages: Springer Book Archive