An Intelligent Decision Support System for Intrusion Detection and Response

  • Dipankar Dasgupta
  • Fabio A. Gonzalez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2052)

Abstract

The paper describes the design of a genetic classifier-based intrusion detection system that can provide active detection and automated responses during intrusions. It is designed as a sense-and-response system that monitors various activities on the network (i.e., it looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors a networked computer's activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system to determine a specific action in case of any security violation. The objective is to find correlations among the deviations (from normal) of the monitored parameters in order to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of the monitored parameters in a Unix environment, and tested them for validation.

Keywords

Genetic Algorithm; Intrusion Detection; Classifier System; Intrusion Detection System; Monitor Parameter
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Dipankar Dasgupta (1)
  • Fabio A. Gonzalez (1)

  1. Intelligent Security Systems Research Lab, Division of Computer Science, The University of Memphis, Memphis, USA
