Title

Evolving statistical rulesets for network intrusion detection

Document Type

Journal Article

Publisher

Elsevier

Faculty

Health, Engineering and Science

School

School of Computer and Security Science

RAS ID

21606

Comments

This article was originally published as : Rastegari, S., Hingston, P., & Lam, C. P. (2015). Evolving statistical rulesets for network intrusion detection. Applied Soft Computing, 33, 348-359. Original article available here

Abstract

Security threats against computer networks and the Internet have emerged as a major and increasing area of concern for end-users trying to protect their valuable information and resources from intrusive attacks. Due to the amount of data to be analysed and the similarities between attack and normal traffic patterns, intrusion detection is considered a complex real world problem. In this paper, we propose a solution that uses a genetic algorithm to evolve a set of simple, interval-based rules based on statistical, continuous-valued input data. Several innovations in the genetic algorithm work to keep the ruleset small. We first tune the proposed system using a synthetic data. We then evaluate our system against more complex synthetic data with characteristics associated with network intrusions, the NSL-KDD benchmark dataset, and another dataset constructed based on MIT Lincoln Laboratory normal traffic and the low-rate DDoS attack scenario from CAIDA. This new approach provides a very compact set of simple, human-readable rules with strongly competitive detection performance in comparison to other machine learning techniques.

DOI

10.1016/j.asoc.2015.04.041

Share

 
COinS