Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling
Author(s) - Resende Paulo Angelo Alves, Drummond André Costa
Publication year - 2018
Publication title - Security and Privacy
Language(s) - English
Resource type - Journals
ISSN - 2475-6725
DOI - 10.1002/spy2.36
Subject(s) - intrusion detection system, anomaly detection, profiling (computer programming), cluster analysis, computer science, anomaly based intrusion detection system, data mining, cyberspace, false positive rate, algorithm, artificial intelligence, pattern recognition (psychology), machine learning, the internet, world wide web, operating system
Intrusion detection systems have been playing an important role in defeating threats in cyberspace. In this context, researchers have been proposing anomaly‐based methods for intrusion detection, in which the “normal” behavior is defined and the deviations (anomalies) are pointed out as intrusions. In this case, profiling is a relevant procedure used to establish a baseline for the normal behavior. In this work, an adaptive approach based on a genetic algorithm is used to select features for profiling and parameters for anomaly‐based intrusion detection methods. Additionally, two anomaly‐based methods are introduced to be coupled with the proposed approach. One is based on basic statistics and the other is based on a projected clustering procedure. In the presented experiments performed on the CICIDS2017 dataset, our methods achieved results as good as a detection rate of 92.85% and a false positive rate of 0.69%. The presented approach iteratively adapts to new attacks and to the environmental requirements, such as security staff's preferences and available computational resources.
