Combining genetic-based misuse and anomaly detection for reliably detecting intrusions in computer networks

Authors:
I. Finizio;C. Mazzariello;C. Sansone
Affiliations:
Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli “Federico II”, Napoli, Italy;Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli “Federico II”, Napoli, Italy;Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli “Federico II”, Napoli, Italy
Venue:
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
Year:
2005

Citing 9
Cited 1

Temporal sequence learning and data reduction for anomaly detection

ACM Transactions on Information and System Security (TISSEC)
NetSTAT: a network-based intrusion detection system

Journal of Computer Security
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
A framework for constructing features and models for intrusion detection systems

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
A study in using neural networks for anomaly and misuse detection

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A modular multiple classifier system for the detection of intrusions in computer networks

MCS'03 Proceedings of the 4th international conference on Multiple classifier systems
Training a neural-network based intrusion detector to recognize novel attacks

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Automatically building datasets of labeled IP traffic traces: A self-training approach

Applied Soft Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

When addressing the problem of detecting malicious activities within network traffic, one of the main concerns is the reliability of the packet classification. Furthermore, a system able to detect the so-called zero-day attacks is desirable. Pattern recognition techniques have proven their generalization ability in detecting intrusions, and systems based on multiple classifiers can enforce the detection reliability by combining and correlating the results obtained by different classifiers. In this paper we present a system exploiting genetic algorithms for deploying both a misuse-based and an anomaly-based classifier. Hence, by suitably combining the results obtained by means of such techniques, we aim at attaining a highly reliable classification system, still with a significant degree of new attack prediction ability. In order to improve classification reliability, we introduce the concept of rejection: instead of emitting an unreliable verdict, an ambiguous packet can be logged for further analysis. Tests of the proposed system on a standard database for benchmarking intrusion detection systems are also reported.