
A Hybrid Multiobjective Evolutionary Algorithm for Anomaly Intrusion Detection

  • Conference paper
Distributed Computing and Artificial Intelligence

Part of the book series: Advances in Intelligent and Soft Computing (AINSC, volume 79)


Abstract

Intrusion detection systems (IDS) are network security tools that process local audit data or monitor network traffic to search for specific patterns or for deviations from expected behavior. We use a multiobjective evolutionary algorithm hybridized with an Artificial Immune System as a method for anomaly-based IDS, because of the similarity between the architecture of intrusion detection systems and that of biological immune systems. In this study, we tested the improvements we made to jREMISA, an artificial immune system inspired by multiobjective evolutionary algorithms, on the DARPA 1999 dataset and compared our results with others in the literature. The almost 100% true positive rate and 0% false positive rate of our approach, under the given parameter settings and experimental conditions, show that the improvements are successful as an anomaly-based IDS when compared with related studies.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Akyazı, U., Uyar, Ş. (2010). A Hybrid Multiobjective Evolutionary Algorithm for Anomaly Intrusion Detection. In: de Leon F. de Carvalho, A.P., Rodríguez-González, S., De Paz Santana, J.F., Rodríguez, J.M.C. (eds) Distributed Computing and Artificial Intelligence. Advances in Intelligent and Soft Computing, vol 79. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14883-5_65


  • DOI: https://doi.org/10.1007/978-3-642-14883-5_65

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14882-8

  • Online ISBN: 978-3-642-14883-5
