An application of decision support to network intrusion detection

This paper describes the design of a decision support module (DSM) for an intrusion detection system, which can provide active detection and automated response support during intrusions. The primary function of the decision support module is to provide recommended actions and alternatives and the implications of each recommended action. In the decision support module, the GA (genetic algorithm) was run over a subset of the data, called the training data, and then tested over the entire data set to test real-world performance. The model generated by this GA was based on a new method of data analysis for the intrusion detection problem. Each node in the model´s decision tree was designed to hold a randomized coefficient for the data, so that this coefficient multiplied by the data would yield a weight for the certainty of whether a certain record was an attack or not. The coefficients were based on ephemeral random constants (ERC), random numbers generated by the GA specific to mathematical modeling.