A Statistical Rule Learning Approach to Network Intrusion Detection

With the enormous growth of users reliance on the Internet, the need for secure and reliable computer networks also increases. A good security mechanism requires an Intrusion Detection System (IDS) in order to monitor security breaches when the prevention schemes are circumvented. To be able to react to different network attacks in changing environments, a generic and flexible detection system is of paramount importance. This paper presents a method that uses statistical features as the input to a rule learning technique. First, for extracting suitable features for intrusion detection, an entropy and volume- based approach is introduced. Then, for the classification task, a genetic-based rule learning technique that utilises an interval-based representation for statistical features of network traffic is proposed. Two sources of data are used to evaluate this technique and to compare against other machine learning techniques. The results show that our proposed approach provides simple rulesets with competitive detection performance in comparison to other algorithms.