
A Pareto-based multi-objective evolutionary algorithm for automatic rule generation in network intrusion detection systems

Published in: Soft Computing

Abstract

Attacks against computer systems are becoming more complex, so the security systems that defend them must be improved continually. Among these are intrusion detection systems, which protect computer systems by distinguishing hostile from non-hostile activity. Intrusion detection systems are usually classified into two main categories according to whether they are based on misuse (signature-based) detection or on anomaly detection. With the aim of minimizing the number of wrong decisions, a new Pareto-based multi-objective evolutionary algorithm is used to optimize the automatic rule generation of a signature-based intrusion detection system (IDS). This optimizer, included within a network IDS, has been evaluated using a benchmark dataset and real traffic of a Spanish university. The results obtained in this real application show the advantages of using this multi-objective approach.
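The abstract treats "wrong decisions" as two competing objectives, the false positives a rule raises on benign traffic and the attacks it fails to match, and keeps the rules that no other rule beats on both counts (the Pareto front) instead of collapsing them into one weighted score. The following Python is an added illustration of that idea and is not the paper's algorithm, its rule format or Snort code: the flow records, the three-field rule shape (`port`, `proto`, `min_len`), the gene alphabets (`PORTS`, `PROTOS`, `MIN_LENS`) and the elitist mutation-only search loop are all assumptions made for the example. The constructed traffic contains one large benign download, so no single rule reaches (0, 0) and the front genuinely contains a trade-off.

```python
"""Pareto-based selection of IDS signature rules over labelled traffic.

Added illustration of the multi-objective idea in the abstract: minimise
false positives and false negatives together and keep the non-dominated
rules. Not the paper's algorithm, rule format or code.
"""
import random
from dataclasses import dataclass
from itertools import product
from typing import Optional

# Constructed, labelled flows: (dst_port, protocol, payload_bytes, is_attack).
FLOWS = [
    (80, "tcp", 120, False),
    (80, "tcp", 1400, True),
    (443, "tcp", 300, False),
    (22, "tcp", 80, False),
    (22, "tcp", 2000, True),
    (53, "udp", 60, False),
    (53, "udp", 900, True),
    (80, "tcp", 1200, True),
    (8080, "tcp", 200, False),
    (445, "tcp", 1500, True),
    (443, "tcp", 950, False),   # large but benign: no single rule is perfect
]

# Assumed discrete gene alphabet for each rule field (None means "any").
PORTS = [None, 22, 53, 80, 443, 445, 8080]
PROTOS = [None, "tcp", "udp"]
MIN_LENS = [None, 100, 500, 800, 1000, 1500]


@dataclass(frozen=True)
class Rule:
    """A toy signature: conjunction of optional field constraints."""
    port: Optional[int]
    proto: Optional[str]
    min_len: Optional[int]

    def matches(self, flow) -> bool:
        port, proto, length, _ = flow
        return ((self.port is None or port == self.port)
                and (self.proto is None or proto == self.proto)
                and (self.min_len is None or length >= self.min_len))


def objectives(rule: Rule, flows=FLOWS) -> tuple:
    """(false positives, false negatives) of one rule; both are minimised."""
    fp = sum(1 for f in flows if rule.matches(f) and not f[3])
    fn = sum(1 for f in flows if f[3] and not rule.matches(f))
    return fp, fn


def dominates(a, b) -> bool:
    """a Pareto-dominates b: no worse in every objective, strictly better in one."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))


def pareto_front(scored):
    """Keep the (rule, objectives) pairs whose objective vector nobody dominates."""
    return [(r, o) for r, o in scored
            if not any(dominates(o2, o) for _, o2 in scored)]


def brute_force_front(flows=FLOWS):
    """Exhaustive front over the whole (small) rule space, for comparison."""
    scored = [(Rule(p, pr, m), objectives(Rule(p, pr, m), flows))
              for p, pr, m in product(PORTS, PROTOS, MIN_LENS)]
    return pareto_front(scored)


def mutate(rule: Rule, rng: random.Random) -> Rule:
    """Replace one randomly chosen field with a value from its alphabet."""
    port, proto, min_len = rule.port, rule.proto, rule.min_len
    field = rng.randrange(3)
    if field == 0:
        port = rng.choice(PORTS)
    elif field == 1:
        proto = rng.choice(PROTOS)
    else:
        min_len = rng.choice(MIN_LENS)
    return Rule(port, proto, min_len)


def evolve(flows=FLOWS, generations=30, pop_size=24, seed=1):
    """Elitist multi-objective search: the current front is the parent pool."""
    rng = random.Random(seed)
    pop = {Rule(rng.choice(PORTS), rng.choice(PROTOS), rng.choice(MIN_LENS))
           for _ in range(pop_size)}
    for _ in range(generations):
        scored = [(r, objectives(r, flows)) for r in pop]
        parents = [r for r, _ in pareto_front(scored)]
        children = {mutate(rng.choice(parents), rng) for _ in range(pop_size)}
        pop = set(parents) | children   # elitism: the front always survives
    final = pareto_front([(r, objectives(r, flows)) for r in pop])
    return sorted(final, key=lambda ro: ro[1])


if __name__ == "__main__":
    for rule, (fp, fn) in evolve():
        print(f"{rule}  fp={fp} fn={fn}")
```

On the constructed flows the exhaustive front consists of two objective vectors, (0, 1) for rules such as "any port, any protocol, payload at least 1000 bytes" and (1, 0) for the looser 500- or 800-byte threshold that also catches the 900-byte UDP attack at the cost of one benign download; a single weighted score would have thrown one of those away before an analyst could choose.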




Acknowledgments

This work has been financed by the Excellence Project of Junta de Andalucía (P07-TIC02988), financed by the European Regional Development Fund (ERDF).

Corresponding author

Correspondence to J. Gómez.


About this article

Cite this article

Gómez, J., Gil, C., Baños, R. et al. A Pareto-based multi-objective evolutionary algorithm for automatic rule generation in network intrusion detection systems. Soft Comput 17, 255–263 (2013). https://doi.org/10.1007/s00500-012-0890-9
