Results 1 - 10 of 24
An Immunity-Based Technique to Characterize Intrusions in Computer Networks
, 2002
Cited by 56 (10 self)
This paper presents a technique inspired by the negative selection mechanism of the immune system that can detect foreign patterns in the complement (non-self) space. In particular, the novel pattern detectors (in the complement space) are evolved using a genetic search, which could differentiate varying degrees of abnormality in network traffic. The paper demonstrates the usefulness of such a technique to detect a wide variety of intrusive activities on networked computers. We also used a positive characterization method based on a nearest-neighbor classification.
Immunity-Based Intrusion Detection System: A General Framework
Cited by 23 (2 self)
This paper focuses on investigating immunological principles in designing a multi-agent system for intrusion/anomaly detection and response in networked computers. In this approach, the immunity-based agents roam around the machines (nodes or routers), and monitor the situation in the network (i.e. look for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). These agents can mutually recognize each other's activities and can take appropriate actions according to the underlying security policies. Specifically, their activities are coordinated in a hierarchical fashion while sensing, communicating and generating responses. Such an agent can learn and adapt to its environment dynamically and can detect both known and unknown intrusions. This research is part of an effort to develop a multi-agent detection system that can simultaneously monitor networked computers' activities at different levels (such as user level, system level, process level and packet level) in order to determine intrusions and anomalies. The proposed intrusion detection system is designed to be flexible, extendible, and adaptable, and to perform real-time monitoring in accordance with the needs and preferences of network administrators. This paper provides the conceptual view and a general framework of the proposed system.
Using Genetic Algorithm for network intrusion detection
- In Proceedings of the United States Department of Energy Cyber Security Group 2004 Training Conference
, 2004
Cited by 11 (0 self)
This paper describes a technique of applying Genetic Algorithm (GA) to network Intrusion Detection Systems (IDSs). A brief overview of the Intrusion Detection System, genetic algorithm, and related detection techniques is presented. Parameters and evolution process for GA are discussed in detail. Unlike other implementations of the same problem, this implementation considers both temporal and spatial information of network connections in encoding the network connection information into rules in IDS. This is helpful for identification of complex anomalous behaviors. This work is focused on the TCP/IP network protocols.
An Intelligent Decision Support System for Intrusion Detection and Response
- in Lecture Notes in Computer Science, Proceedings of the International Workshop on Mathematical Methods, Models and Architectures for Computer Networks Security (MMM-ACNS)
, 2001
Cited by 11 (0 self)
The paper describes the design of a genetic classifier-based intrusion detection system, which can provide active detection and automated responses during intrusions. It is designed to be a sense and response system that can monitor various activities on the network (i.e. looks for changes such as malfunctions, faults, abnormalities, misuse, deviations, intrusions, etc.). In particular, it simultaneously monitors networked computers' activities at different levels (such as user level, system level, process level and packet level) and uses a genetic classifier system in order to determine a specific action in case of any security violation. The objective is to find correlation among the deviated values (from normal) of monitored parameters to determine the type of intrusion and to generate an action accordingly. We performed some experiments to evolve a set of decision rules based on the significance of monitored parameters in a Unix environment, and tested for validation.
Detecting new forms of network intrusion using genetic programming
- In: Proceedings of the 2003 Congress on Evolutionary Computation (2003)
Cited by 10 (0 self)
How to find and detect novel or unknown network attacks is one of the most important objectives in current intrusion detection systems. In this paper, a rule evolution approach based on Genetic Programming (GP) for detecting novel attacks on networks is presented, and four genetic operators, namely reproduction, mutation, crossover and dropping condition operators, are used to evolve new rules. New rules are used to detect novel or known network attacks. A training and testing dataset proposed by DARPA is used to evolve and evaluate these new rules. The proof of concept implementation shows that the rule generated by GP has a low false positive rate (FPR), a low false negative rate (FNR) and a high rate of detecting unknown attacks. Moreover, the rule base composed of new rules has a high detection rate (DR) with a low false alarm rate (FAR).
A. Boukelif, “Genetic Programming Approach for Multi-Category Pattern Classification Applied to Network Intrusions Detection”
- International Journal of Computational Intelligence
Cited by 5 (1 self)
This paper describes a new approach of classification using genetic programming. The proposed technique consists of genetically coevolving a population of non-linear transformations on the input data to be classified, and mapping them to a new space with a reduced dimension, in order to get a maximum inter-class discrimination. The classification of new samples is then performed on the transformed data, and so becomes much easier. Contrary to the existing GP-classification techniques, the proposed one uses a dynamic repartition of the transformed data in separated intervals; the efficacy of a given interval repartition is handled by the fitness criterion, with a maximum class discrimination. Experiments were first performed using Fisher’s Iris dataset, and then the KDD’99 Cup dataset was used to study the intrusion detection and classification problem. The results obtained demonstrate that the proposed genetic approach outperforms the existing GP-classification methods, and gives very acceptable results compared to other existing techniques.
Data-Security in Heterogeneous Agent Systems
, 1998
Cited by 5 (2 self)
In this paper, we describe: (i) how agents can protect information from other agents and (ii) how servers that support agent cooperation can help in this process. We show that agents' data security policies can be encoded through three structures called metaknowledge, history and agent security tables. We develop a framework that allows arbitrary metalanguages and history maintenance policies to be "plugged in", and develop complexity results, including polynomial (efficiently computable) approximations.
1 Introduction
Developing a platform for the interaction of multiple agents requires contributions from several areas of computer science, ranging from systems software to support interoperability, network software to support multiagent communications, heterogeneous data and software integration to meaningfully exchange data, and artificial reasoning to support intelligent reasoning and decision making tasks. With these goals in mind, we are conducting a joint research effort betwe...
Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection
- In proceedings of the 1st International Conference on Advances in Natural Computation, Lecture Notes in Computer Science
, 2005
Cited by 4 (0 self)
evaluation data set is the most widely used public benchmark for testing intrusion detection systems. But the presence of simulation artifacts attributes would cause many attacks in this dataset to be easily detected. In order to eliminate their influence on intrusion detection, we simply omit these attributes in the processes of both training and testing. We also present a GP-based rule learning approach for detecting attacks on network. GP is used to evolve new rules from the initial learned rules through genetic operations. Our results show that GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifacts attributes.
An Immunogenetic Technique to Detect Anomalies in Network Traffic
- in Proceedings of the Genetic and Evolutionary Computation Conference, GECCO 2002
, 2002
Cited by 3 (0 self)
The paper describes an immunogenetic approach which can detect a wide variety of intrusive activities on networked computers. In particular, this technique is inspired by the negative selection mechanism of the immune system that can detect foreign patterns in the complement (nonself) space. The novel pattern detectors (in the complement space) are evolved using a genetic search, which could differentiate varying degrees of abnormality in network traffic. The paper demonstrates the usefulness of such a technique in intrusion/anomaly detection. A number of experiments are performed using intrusion detection data sets (DARPA IDS evaluation program) and tested for validation. Some results are reported along with their analysis and concluding remarks.

