Abstract
Intrusion detection systems (IDS) are network security tools that process local audit data or monitor network traffic, searching either for specific attack patterns (misuse detection) or for deviations from expected behavior (anomaly detection). We use a multiobjective evolutionary algorithm hybridized with an artificial immune system as an anomaly-based IDS, motivated by the structural similarity between an intrusion detection system and the biological immune system: both must separate a large, changing set of foreign patterns from the system's own normal activity. In this study we tested our improvements to jREMISA, an artificial immune system inspired by a multiobjective evolutionary algorithm, on the DARPA 1999 dataset and compared the results with those reported in the literature. Under the given parameter settings and experimental conditions our approach reaches an almost 100% true positive rate with a 0% false positive rate, which indicates that the improvements are effective for anomaly-based intrusion detection when compared with related studies.
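To make the immune-system analogy in the abstract concrete, the following is an added example (not code from the paper, and not jREMISA itself) of the general scheme such detectors follow: real-valued negative selection censors candidate detectors against a "self" set of normal traffic, an evolutionary step then refines the survivors under two objectives (coverage radius and separation from neighbouring detectors), and the result is scored as true positive and false positive rates. Everything below is an assumption for illustration: the four packet-header features and their scaling, the self radius, the constructed traffic samples (not DARPA 1999), and the choice of objectives.

```python
"""Immune-inspired anomaly detector: real-valued negative selection plus a
two-objective evolutionary refinement.  Added illustration only; NOT jREMISA.
All traffic samples are constructed, not taken from DARPA 1999."""
import math
import random
from dataclasses import dataclass

SELF_RADIUS = 0.05  # assumed: how close to a normal sample a detector may reach


def features(dport, length, ttl, syn_only):
    """Map a few packet-header fields onto the unit hypercube (assumed scaling)."""
    return (dport / 65535, length / 1500, ttl / 255, float(syn_only))


# Constructed "normal" traffic (self set): web and DNS, TTL 64 or 128.
SELF_SAMPLES = [
    features(80, 60, 64, 1), features(80, 1500, 64, 0), features(80, 600, 64, 0),
    features(443, 60, 128, 1), features(443, 1500, 128, 0), features(443, 900, 128, 0),
    features(80, 1200, 128, 0), features(443, 400, 64, 0), features(53, 80, 64, 0),
]
# Constructed labelled test traffic: normal packets plus SYN-only probes to
# high ports with unusual TTLs (a port-scan-like pattern).
TEST_SAMPLES = [
    (features(80, 800, 64, 0), False), (features(443, 1500, 128, 0), False),
    (features(53, 90, 64, 0), False),
    (features(31337, 40, 200, 1), True), (features(45000, 40, 30, 1), True),
    (features(60000, 40, 10, 1), True),
]


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


@dataclass(eq=False)  # identity equality: two detectors are never "the same"
class Detector:
    center: tuple
    radius: float


def radius_for(center, self_set):
    """Largest radius that leaves every self sample uncovered (V-detector rule)."""
    return min(dist(center, s) for s in self_set) - SELF_RADIUS


def dominates(a, b):
    """Pareto dominance for objective vectors that are all maximised."""
    return all(x >= y for x, y in zip(a, b)) and any(x > y for x, y in zip(a, b))


def select(pop, n):
    """Non-dominated sorting on (radius, separation from nearest other detector)."""
    objs = {}
    for d in pop:
        others = [o for o in pop if o is not d]
        sep = min(dist(d.center, o.center) for o in others) if others else 1.0
        objs[id(d)] = (d.radius, sep)
    chosen, remaining = [], list(pop)
    while remaining and len(chosen) < n:
        front = [d for d in remaining
                 if not any(dominates(objs[id(o)], objs[id(d)])
                            for o in remaining if o is not d)]
        if len(chosen) + len(front) > n:  # truncate the last front by coverage
            front.sort(key=lambda d: d.radius, reverse=True)
            front = front[: n - len(chosen)]
        chosen.extend(front)
        remaining = [d for d in remaining if d not in front]
    return chosen


def generate_detectors(self_set, n, generations, rng):
    pop = []
    while len(pop) < n:  # random generation, censored against self
        c = tuple(rng.random() for _ in range(4))
        r = radius_for(c, self_set)
        if r > 0:
            pop.append(Detector(c, r))
    for _ in range(generations):  # mutate, re-censor against self, select
        children = []
        for d in pop:
            c = tuple(min(1.0, max(0.0, x + rng.gauss(0, 0.05))) for x in d.center)
            r = radius_for(c, self_set)
            if r > 0:
                children.append(Detector(c, r))
        pop = select(pop + children, n)
    return pop


def build_detectors(seed=1, n=20, generations=10):
    return generate_detectors(SELF_SAMPLES, n, generations, random.Random(seed))


def is_anomalous(x, detectors):
    return any(dist(x, d.center) <= d.radius for d in detectors)


def evaluate(detectors, labelled):
    """Return (true positive rate, false positive rate) over labelled samples."""
    tp = fp = fn = tn = 0
    for x, is_attack in labelled:
        flagged = is_anomalous(x, detectors)
        if is_attack and flagged:
            tp += 1
        elif is_attack:
            fn += 1
        elif flagged:
            fp += 1
        else:
            tn += 1
    tpr = tp / (tp + fn) if tp + fn else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return tpr, fpr


if __name__ == "__main__":
    dets = build_detectors()
    print("detectors:", len(dets), "TPR/FPR on test set:", evaluate(dets, TEST_SAMPLES))
```

One point this makes visible: because every detector is censored against the self set, the false positive rate measured on the very samples used for censoring is zero by construction, so only the rates on held-out labelled traffic (here `TEST_SAMPLES`) say anything about the detector set.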
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Akyazı, U., Uyar, Ş. (2010). A Hybrid Multiobjective Evolutionary Algorithm for Anomaly Intrusion Detection. In: de Leon F. de Carvalho, A.P., Rodríguez-González, S., De Paz Santana, J.F., Rodríguez, J.M.C. (eds) Distributed Computing and Artificial Intelligence. Advances in Intelligent and Soft Computing, vol 79. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14883-5_65
DOI: https://doi.org/10.1007/978-3-642-14883-5_65
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14882-8
Online ISBN: 978-3-642-14883-5
eBook Packages: Engineering (R0)