An artificial immune system-inspired multiobjective evolutionary algorithm with application to the detection of distributed computer network intrusions

  • Authors:
  • Charles R. Haag; Gary B. Lamont; Paul D. Williams; Gilbert L. Peterson

  • Affiliations:
  • Air Force Institute of Technology (AFIT), Dayton, OH; Air Force Institute of Technology (AFIT), Dayton, OH; Air Force Institute of Technology (AFIT), Dayton, OH; Air Force Institute of Technology (AFIT), Dayton, OH

  • Venue:
  • Proceedings of the 9th annual conference companion on Genetic and evolutionary computation
  • Year:
  • 2007

Abstract

Today's signature-based intrusion detection systems are reactive in nature and storage-limited. Their operation depends upon catching an instance of an intrusion or virus and encoding it into a signature that is stored in their anomaly database, providing a window of vulnerability to computer systems during this time. Further, the maximum size of an Internet Protocol-based message requires the database to be huge in order to maintain possible signature combinations. In order to tighten this response cycle within storage constraints, this paper presents an innovative Artificial Immune System-inspired Multiobjective Evolutionary Algorithm. This distributed intrusion detection system (IDS) is intended to measure the vector of tradeoff solutions among detectors with regard to two independent objectives: best classification fitness and optimal hypervolume size. Our antibody detectors promiscuously monitor network traffic for exact and variant abnormal system events based on only the detector's own data structure and the application domain truth set, responding heuristically. Applied to the MIT-DARPA 1999 insider intrusion detection data set, our software-engineered algorithm correctly classifies normal and abnormal events at a high level, which is directly attributed to a detector affinity threshold.