Evolutive Modeling of TCP/IP Network Traffic for Intrusion Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1803)

Abstract

The detection of intrusions over computer networks can be cast as the task of detecting anomalous patterns of network traffic. In this case, patterns of normal traffic have to be determined and compared against the current network traffic. Data mining systems based on Genetic Algorithms can contribute powerful search techniques for the acquisition of patterns of the network traffic from the large amount of data made available by audit tools.

In this paper we compare models of data traffic acquired by a system based on a distributed genetic algorithm with the ones acquired by a system based on greedy heuristics. We also discuss a change of representation of the network data and its impact on the performance of the traffic models.

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Neri, F. (2000). Evolutive Modeling of TCP/IP Network Traffic for Intrusion Detection. In: Cagnoni, S. (eds) Real-World Applications of Evolutionary Computing. EvoWorkshops 2000. Lecture Notes in Computer Science, vol 1803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45561-2_21

  • DOI: https://doi.org/10.1007/3-540-45561-2_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67353-8

  • Online ISBN: 978-3-540-45561-5

  • eBook Packages: Springer Book Archive
