Mining TCP/IP Traffic for Network Intrusion Detection by Using a Distributed Genetic Algorithm

Authors:
Filippo Neri
Affiliations:
-
Venue:
ECML '00 Proceedings of the 11th European Conference on Machine Learning
Year:
2000

Citing 10
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
C4.5: programs for machine learning

C4.5: programs for machine learning
Exploring the Power of Genetic Search in Learning Symbolic Classifiers

IEEE Transactions on Pattern Analysis and Machine Intelligence
Mining in a data-flow environment: experience in network intrusion detection

KDD '99 Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining
Genetic Algorithms in Search, Optimization and Machine Learning

Genetic Algorithms in Search, Optimization and Machine Learning
A Coevolutionary Approach to Learning Sequential Decision Rules

Proceedings of the 6th International Conference on Genetic Algorithms
Learning Program Behavior Profiles for Intrusion Detection

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Intrusion detection using sequences of system calls

Journal of Computer Security
Search-intensive concept induction

Evolutionary Computation

Quantified Score

Hi-index	0.01

Visualization

Abstract

The detection of intrusions over computer networks (i.e., network access by non-authorized users) can be cast to the task of detecting anomalous patterns of network traffic. In this case, models of normal traffic have to be determined and compared against the current network traffic. Data mining systems based on Genetic Algorithms can contribute powerful search techniques for the acquisition of patterns of the network traffic from the large amount of data made available by audit tools. We compare models of network traffic acquired by a system based on a distributed genetic algorithm with the ones acquired by a system based on greedy heuristics. Also we discuss representation change of the network data and its impact over the performances of the traffic models. Network data made available from the Information Exploration Shootout project and the 1998 DARPA Intrusion Detection Evaluation have been chosen as experimental testbed.