• DocumentCode
    2210095
  • Title
    Autonomous rule creation for intrusion detection
  • Author
    Vollmer, Todd ; Alves-Foss, Jim ; Manic, Milos
  • Author_Institution
    Idaho Nat. Lab., Idaho Falls, ID, USA
  • fYear
    2011
  • fDate
    11-15 April 2011
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    Many computational intelligence techniques for anomaly based network intrusion detection can be found in the literature. Translating a newly discovered intrusion recognition criterion into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets, 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.
  • Keywords
    genetic algorithms; security of data; Snort rules; anomalous ICMP network packets; anomaly based network intrusion detection; autonomous rule creation; multi-modal genetic algorithm; Genetic algorithms; Humans; IP networks; Intrusion detection; Protocols; Runtime; Syntactics; Computational intelligence; Genetic algorithms; Intrusion detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Intelligence in Cyber Security (CICS), 2011 IEEE Symposium on
  • Conference_Location
    Paris
  • Print_ISBN
    978-1-4244-9905-2
  • Type
    conf
  • DOI
    10.1109/CICYBS.2011.5949394
  • Filename
    5949394