Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection

  • Conference paper
Advances in Natural Computation (ICNC 2005)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 3612))

Abstract

The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. However, the presence of simulation artifact attributes makes many attacks in this data set easy to detect. To eliminate their influence on intrusion detection, we simply omit these attributes during both training and testing. We also present a GP-based rule learning approach for detecting attacks on networks. GP is used to evolve new rules from the initially learned rules through genetic operations. Our results show that the GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifact attributes.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yin, C., Tian, S., Huang, H., He, J. (2005). Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection. In: Wang, L., Chen, K., Ong, Y.S. (eds) Advances in Natural Computation. ICNC 2005. Lecture Notes in Computer Science, vol 3612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11539902_38

  • DOI: https://doi.org/10.1007/11539902_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28320-1

  • Online ISBN: 978-3-540-31863-7
