10.5555/1981094.1981144

Decision tree based learning and genetic based learning to detect network intrusions

Published: 17 August 2005

Abstract

The detection of intrusions over computer networks (i.e., network access by non-authorized users) can be cast as the task of detecting anomalous patterns of network traffic. In this case, models of normal traffic have to be determined and compared against the current network traffic. Data mining systems based on Genetic Algorithms can contribute powerful search techniques for the acquisition of patterns of the network traffic from the large amount of data made available by audit tools.
We compare models of network traffic acquired by a system based on a distributed genetic algorithm with the ones acquired by a system based on greedy heuristics.

Published In

SMO'05: Proceedings of the 5th WSEAS international conference on Simulation, modelling and optimization
August 2005
689 pages
ISBN: 9608457327
Editor: Kostas Passadis

Sponsors

• MUNICIPALITY CORFU: Municipality of Corfu

Publisher

World Scientific and Engineering Academy and Society (WSEAS)
Stevens Point, Wisconsin, United States

Author Tags

1. genetic algorithm
2. intrusion detection
3. machine learning
