Detecting New Forms of Network Intrusion Using Genetic Programming

Lu, Wei; Traoré, Issa

doi:10.1111/j.0824-7935.2004.00247.x

Cited by 104 publications

(57 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We plot our experiment results in Figure 3, where each point corresponds to a placement's properties in the objective space 3 The results validate our multiobjective optimisation approach and demonstrate that functional trade-offs are indeed possible for sensor placement problem. Figure 3 shows the trend that the more sensors we use, the more attacks we will be able to detect (higher detection rates), whilst the more false alarms (higher false alarm rate) we will have to dismiss.…”

Section: Experiments Resultssupporting

confidence: 55%

“…These experiments serve as proof of concept and to demonstrate the validity and potential of the proposed approach. Researchers have used Genetic Programming (GP) and Grammatical Evolution to determine IDS detection rules [3], but our experiments reported here report the first use of heuristic optimisation techniques to evolve optimal IDS sensor placements.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Multi-objective Optimisation Approach to IDS Sensor Placement

Chen

Clark

Tapiador

et al. 2009

Advances in Intelligent and Soft Computing

View full text Add to dashboard Cite

show abstract

Section: Experiments Resultssupporting

confidence: 55%

Section: Introductionmentioning

confidence: 99%

A Multi-objective Optimisation Approach to IDS Sensor Placement

Chen

Clark

Tapiador

et al. 2009

Advances in Intelligent and Soft Computing

View full text Add to dashboard Cite

show abstract

“…Lu and Traore [26] used GP to evolve new rules from initially created rules that cover already-known attacks. New rules are generated by four operators including: Mutation, reproduction, crossover and a dropping condition operator.…”

Section: Gp and Network Intrusionmentioning

confidence: 99%

Genetic Programming Feature Extraction with Different Robust Classifiers for Network Intrusion Detection

Badran¹,

Rohim²

2017

IJCA

View full text Add to dashboard Cite

In this paper, we compare the performance of three traditional robust classifiers (Neural Networks, Support Vector Machines, and Decision Trees) with and without utilizing multi-objective genetic programming in the feature extraction phase. This work argues that effective feature extraction can significantly enhance the performance of these classifiers. We have applied these three classifiers stand alone to real world five datasets from the UCI machine learning database and also to network intrusion "KDD-99 cup" dataset. Then, the experiments were repeated by adding the feature extraction phase. The results of the two approaches are compared and conclude that the effective method is to evolve optimal feature extractors that transform input pattern space into a decision space in which the performance of traditional robust classifiers can be enhanced.

show abstract

“…ID has been approached from several different points of view up to now; many different intelligent and Soft Computing techniques (such as Genetic Programming [2,3], Data Mining [4][5][6][7][8][9][10], Expert Systems [11,12], Fuzzy Logic [13,14], or Neural Networks [15][16][17][18][19][20] among others) together with statistical [21] and signature verification [22] techniques have been applied mainly to perform a 2-class classification (normal/anomalous or intrusive/non-intrusive). Most of these systems can generate different alarms when an anomalous situation is detected, but they can not provide a general overview of what is happening inside a computer network.…”

Section: Previous Workmentioning

confidence: 99%

Neural visualization of network traffic data for intrusion detection

Corchado

Herrero

2011

Applied Soft Computing

149

View full text Add to dashboard Cite

-This study introduces and describes a novel Intrusion Detection System (IDS) called MOVCIDS (MObile Visualization Connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. By its advanced visualization facilities, the proposed IDS allows providing an overview of the network traffic as well as identifying anomalous situations tackled by computer networks, responding to the challenges presented by volume, dynamics and diversity of the traffic, including novel (0-day) attacks. MOVCIDS provides a novel point of view in the field of IDSs by enabling the most interesting projections (based on the fourth order statistics; the kurtosis index) of a massive traffic dataset to be extracted. These projections are then depicted through a functional and mobile visualization interface, providing visual information of the internal structure of the traffic data. The interface makes MOVCIDS accessible from any mobile device to give more accessibility to network administrators, enabling continuous visualization, monitoring and supervision of computer networks. Additionally, a novel testing technique has been developed to evaluate MOVCIDS and other IDSs employing numerical datasets. To show the performance and validate the proposed IDS, it has been tested in different real domains containing several attacks and anomalous situations. In addition, the importance of the temporal dimension on intrusion detection, and the ability of this IDS to process it, are emphasized in this work.

show abstract

Detecting New Forms of Network Intrusion Using Genetic Programming

Cited by 104 publications

References 6 publications

A Multi-objective Optimisation Approach to IDS Sensor Placement

A Multi-objective Optimisation Approach to IDS Sensor Placement

Genetic Programming Feature Extraction with Different Robust Classifiers for Network Intrusion Detection

Neural visualization of network traffic data for intrusion detection

Contact Info

Product

Resources

About