Rule-based intrusion detection systems generally rely on hand-crafted signatures developed by domain experts. This can delay updates to the signature bases and potentially compromise the security of protected systems. In this paper, we present a biologically-inspired computational approach to dynamically and adaptively learn signatures for network intrusion detection using a supervised learning classifier system. The classifier is an online, incremental, parallel production rule-based system. A signature extraction system is developed that adaptively extracts signatures to the knowledge base as they are discovered by the classifier. The signature extraction algorithm is augmented with new generalisation operators that minimise overlap and conflict between signatures. Mechanisms are provided to adapt the main algorithm parameters to deal with noisy and imbalanced class data in an online setting. Our approach is hybrid in that signatures for both intrusive and normal behaviours are learnt. The performance of the developed systems is evaluated with a publicly available intrusion detection dataset, and the results presented show the effectiveness of the proposed system.