DocumentCode
2210095
Title
Autonomous rule creation for intrusion detection
Author
Vollmer, Todd ; Alves-Foss, Jim ; Manic, Milos
Author_Institution
Idaho Nat. Lab., Idaho Falls, ID, USA
fYear
2011
fDate
11-15 April 2011
Firstpage
1
Lastpage
8
Abstract
Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.
Keywords
genetic algorithms; security of data; Snort rules; anomalous ICMP network packets; anomaly based network intrusion detection; autonomous rule creation; multi-modal genetic algorithm; Genetic algorithms; Humans; IP networks; Intrusion detection; Protocols; Runtime; Syntactics; Computational intelligence; Genetic algorithms; Intrusion detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence in Cyber Security (CICS), 2011 IEEE Symposium on
Conference_Location
Paris
Print_ISBN
978-1-4244-9905-2
Type
conf
DOI
10.1109/CICYBS.2011.5949394
Filename
5949394
Link To Document