Development of Genetic-based Machine Learning for Network Intrusion Detection (GBML-NID)

Society has grown to rely on Internet services, and the number of Internet users increases every day. As more and more users become connected to the network, the window of opportunity for malicious users to do their damage becomes very great and lucrative. The objective of this paper is to incorporate different techniques into classier system to detect and classify intrusion from normal network packet. Among several techniques, Steady State Genetic-based Machine Leaning Algorithm (SSGBML) will be used to detect intrusions. Where Steady State Genetic Algorithm (SSGA), Simple Genetic Algorithm (SGA), Modified Genetic Algorithm and Zeroth Level Classifier system are investigated in this research. SSGA is used as a discovery mechanism instead of SGA. SGA replaces all old rules with new produced rule preventing old good rules from participating in the next rule generation. Zeroth Level Classifier System is used to play the role of detector by matching incoming environment message with classifiers to determine whether the current message is normal or intrusion and receiving feedback from environment. Finally, in order to attain the best results, Modified SSGA will enhance our discovery engine by using Fuzzy Logic to optimize crossover and mutation probability. The experiments and evaluations of the proposed method were performed with the KDD 99 intrusion detection dataset.

Authors:

• Wafa' S.Al-Sharafat
• Reyadh Naoum

Keywords:

• MSSGBML
• Network Intrusion Detection
• SGA
• SSGA.

References:

[1] S.Selvakani, R.S. Rajesh, "Genetic Algorithm for framing rules for
intrusion Detection", IJCSNS International Journal of Computer Science
and Network Security, VOL.7 No.11, November 2007
[2] A.Christie, W. Fithen, J.McHugh, J.Pickel, E. Stoner, "State of the
Practice of Intrusion Detection Technologies", Technical Report,
Carnegie Mellon University, 2000.
[3] N.Toosi, M. Kahani, "A new approach to intrusion detection based on an
evolutionary soft computing model using neuro-fuzzy classifiers",
Computer Communications 30(2007) 2201-2212, 2007
[4] M. Sabhnani, G. Serpen, "Application of Machine Learning Algorithms
to KDD Intrusion Detection Dataset within Misuse Detection Context",
Proceeding of International Conference on Machine Learning: Models,
Technology and Application, Las Vegas, Nevada, USA, June 2003.
[5] Ch. Sinclair, L. Pierce, S. Matzner, "An Application of Machine
Learning to Network Intrusion Detection", 15th Annual Computer
Security Applications Conference Phoenix, Arizona, December 6-10,
1999
[6] KDD-CUP 1999 Data,
http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
[7] A.Osareh, Bita Shadgar, "Intrusion Detection in Computer Networks
based on Machine Learning Algorithms", International Journal of
Computer Science and Network Security, VOL.8 No.11, November
2008
[8] I.Guayan, A.Elisseeff, "An Introduction to Variable and Selection",
Journal of Machine Leaning Research 3, March 2003
[9] L.Yu, H.Lin, "Feature Selection for High-Dimensional Data: A Fast
Correlation-based Filter Solution", Proceeding of 20th International
Conference on Machine Learning (ICML-2003), Washington D.C.,
August 2003.
[10] T. S. Chou, K. K. Yen, and J. Luo, "Network Intrusion Detection Design
Using Feature Selection of Soft Computing Paradigms", International
Journal of Computational Intelligence 4;3 ┬® www.waset.org Summer
2008.
[11] J.Jones, T.Soule, "Comparing Genetic Robustness in Generational vs.
Steady State Evolutionary Algorithms", GECCO-06, Seattle,
Washington, USA. July 8-12, 2006, ┬®Copyright 2006 ACM
[12] M.Mitchell, "An Introduction to Genetic Algorithm", MIT Press, 1996.
[13] Crosbie M and Spafford E, "Applying genetic Programming to Intrusion
Detection", Proceedings of the AAAI Fall Symposium, 1995.
[14] S.M. Bridges and R.B. Vaugha, " Fuzzy Data Mining and Genetic
Algorithms Applied to Intrusion Detection", Proceedings of 12th Annual
Canadian Information Technology Security Symposium, pp.109-122,
2000.
[15] L. Kuang, "DNIDS: A Dependable Network Intrusion Detection System
Using the CSI-KNN Algorithm", Master thesis, Queen-s University ,
Canada, September 2007.
[16] M.R. Sabhnani, G. Serpen, Application of machine learning algorithms
to KDD intrusion detection dataset within misuse detection context, in:
Proceedings of International Conference on Machine Learning: Models,
Technologies, and Applications, 23-26 June 2003, Las Vegas, Nevada,
USA, 2003, pp. 209-215.
[17] R. Agarwal, M.V. Joshi, PNrule: A New Framework for Learning
Classifier Models in Data Mining, Department of Computer Science,
University of Minnesota, Report No. RC-21719, 2000.