
Security Audit Trail Analysis with Biogeography Based Optimization Metaheuristic

  • Conference paper
  • Informatics Engineering and Information Science (ICIEIS 2011)
  • Part of the book series: Communications in Computer and Information Science (CCIS, volume 252)

Abstract

Information systems and computer networks are essential to today's society, and the security of computer systems becomes more crucial as the data they store and process grows in importance. In this paper, our interest is intrusion detection from security audit records. Because the volume of data generated by the auditing mechanisms of current systems is very large, security officers need methods and tools to extract useful information from it. In this context, we aim to identify predefined attack scenarios in the audit trails. The problem is NP-complete. Metaheuristics offer an alternative way to solve this type of problem. We propose to use Biogeography Based Optimization (BBO), a new metaheuristic well suited to constrained optimization problems. Experiments and performance measurements were carried out, and a comparison with a Genetic Algorithm based method is made. BBO has proven effective and capable of producing a reliable method for intrusion detection.
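To make the problem in the abstract concrete, the following is an added example written for this page; it is not code from the paper. It assumes the GASSATA-style formulation of audit-trail scenario matching (Mé's earlier work, which this paper compares against): each predefined attack scenario is a vector of audit-event counts plus a risk weight, the audit trail is a vector of observed counts, and the goal is a 0/1 selection of scenarios that maximizes total risk without "explaining" more events of any type than the trail actually contains. The attack scenarios, event names and observed counts are constructed sample data; the BBO loop (rank-based immigration/emigration rates, migration, mutation, elitism, repair of infeasible habitats) is one plain implementation of the metaheuristic, not the authors' code. An exhaustive enumeration is included so the result can be checked on a tiny instance.

```python
# Added illustration, not the paper's code: GASSATA-style scenario matching
# (a formulation assumed here, from Mé's audit-trail analysis work) solved
# with a simple Biogeography-Based Optimization (BBO) loop.
import random
from itertools import product

# --- Constructed sample data (assumption, not taken from the paper) -----------
# Each attack scenario lists the audit events it produces and a risk weight.
ATTACKS = {
    "brute_force":     ({"login_fail": 10}, 3),
    "priv_escalation": ({"su_attempt": 3, "file_read_shadow": 1}, 8),
    "persistence":     ({"cron_edit": 2}, 5),
    "exfiltration":    ({"outbound_conn": 4, "file_read_shadow": 1}, 9),
    "recon":           ({"outbound_conn": 2}, 2),
    "creds_dump":      ({"file_read_shadow": 2, "su_attempt": 1}, 7),
}
# Event counts observed in one audit-trail window (constructed).
OBSERVED = {"login_fail": 12, "su_attempt": 3, "file_read_shadow": 2,
            "cron_edit": 2, "outbound_conn": 5}


def risk(h, attacks):
    """Objective: total risk weight of the scenarios selected by bit vector h."""
    return sum(attacks[a][1] for a, bit in zip(attacks, h) if bit)


def violated_events(h, attacks, observed):
    """Events whose explained count exceeds what the trail actually contains."""
    explained = {e: 0 for e in observed}
    for a, bit in zip(attacks, h):
        if bit:
            for e, cnt in attacks[a][0].items():
                explained[e] += cnt
    return [e for e in observed if explained[e] > observed[e]]


def is_feasible(h, attacks, observed):
    return not violated_events(h, attacks, observed)


def repair(h, attacks, observed):
    """Drop the lowest-risk scenario touching a violated event until feasible."""
    names = list(attacks)
    h = list(h)
    while True:
        bad = violated_events(h, attacks, observed)
        if not bad:
            return h
        e = bad[0]
        culprits = [j for j, a in enumerate(names) if h[j] and e in attacks[a][0]]
        h[min(culprits, key=lambda j: attacks[names[j]][1])] = 0


def bbo_search(attacks, observed, pop_size=30, generations=80,
               elites=2, mutation_rate=0.05, seed=1):
    """BBO: habitats are bit vectors (one SIV per scenario). Fitter habitats
    emigrate more and immigrate less, so good SIVs spread through the population."""
    rng = random.Random(seed)
    names = list(attacks)
    n = len(names)
    fit = lambda h: risk(h, attacks)
    pop = [repair([rng.randint(0, 1) for _ in range(n)], attacks, observed)
           for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fit, reverse=True)            # rank 0 = best habitat
        # Linear rank-based rates: immigration lam rises with rank, emigration mu falls.
        lam = [(k + 1) / pop_size for k in range(pop_size)]
        mu = [1.0 - l for l in lam]
        new_pop = [list(h) for h in pop[:elites]]  # elitism keeps the best habitats
        for k in range(elites, pop_size):
            child = list(pop[k])
            for j in range(n):
                if rng.random() < lam[k]:          # migration: import SIV j
                    src = rng.choices(range(pop_size), weights=mu)[0]
                    child[j] = pop[src][j]
            for j in range(n):
                if rng.random() < mutation_rate:   # mutation: flip SIV j
                    child[j] ^= 1
            new_pop.append(repair(child, attacks, observed))
        pop = new_pop
    best = max(pop, key=fit)
    return {"attacks": [a for a, bit in zip(names, best) if bit],
            "risk": fit(best), "feasible": is_feasible(best, attacks, observed)}


def exhaustive_optimum(attacks, observed):
    """Reference answer by enumerating all 2^n vectors (only viable for tiny n)."""
    best_h, best_r = None, -1
    for h in product((0, 1), repeat=len(attacks)):
        if is_feasible(h, attacks, observed) and risk(h, attacks) > best_r:
            best_h, best_r = list(h), risk(h, attacks)
    return best_r, [a for a, bit in zip(attacks, best_h) if bit]


if __name__ == "__main__":
    print("BBO:", bbo_search(ATTACKS, OBSERVED))
    print("exhaustive:", exhaustive_optimum(ATTACKS, OBSERVED))
```

On this instance the constraints rule out `creds_dump` alongside `priv_escalation` (too many `su_attempt` events) and `recon` alongside `exfiltration` (too many `outbound_conn` events), so the best feasible explanation selects `brute_force`, `priv_escalation`, `persistence` and `exfiltration` for a total risk of 25; the exhaustive search confirms what BBO returns. The repair step matters in practice: without it, migration and mutation freely produce selections that explain more events than were logged, and a penalty-only fitness wastes most of the population on infeasible habitats.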



Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Daoudi, M., Boukra, A., Ahmed-Nacer, M. (2011). Security Audit Trail Analysis with Biogeography Based Optimization Metaheuristic. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds) Informatics Engineering and Information Science. ICIEIS 2011. Communications in Computer and Information Science, vol 252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25453-6_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25453-6_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25452-9

  • Online ISBN: 978-3-642-25453-6

  • eBook Packages: Computer Science (R0)
