Evolving statistical rulesets for network intrusion detection

Document Type

Journal Article

Publisher

Elsevier

Faculty

Faculty of Health, Engineering and Science

School

School of Computer and Security Science

RAS ID

21606

Comments

Rastegari, S., Hingston, P., & Lam, C. P. (2015). Evolving statistical rulesets for network intrusion detection. Applied Soft Computing, 33, 348-359.

Abstract

Security threats against computer networks and the Internet have emerged as a major and increasing area of concern for end-users trying to protect their valuable information and resources from intrusive attacks. Due to the amount of data to be analysed and the similarities between attack and normal traffic patterns, intrusion detection is considered a complex real-world problem. In this paper, we propose a solution that uses a genetic algorithm to evolve a set of simple, interval-based rules based on statistical, continuous-valued input data. Several innovations in the genetic algorithm work to keep the ruleset small. We first tune the proposed system using synthetic data. We then evaluate our system against more complex synthetic data with characteristics associated with network intrusions, the NSL-KDD benchmark dataset, and another dataset constructed based on MIT Lincoln Laboratory normal traffic and the low-rate DDoS attack scenario from CAIDA. This new approach provides a very compact set of simple, human-readable rules with strongly competitive detection performance in comparison to other machine learning techniques.

DOI

10.1016/j.asoc.2015.04.041

Access Rights

subscription content
