Dendron: Genetic trees driven rule induction for network intrusion detection systems

Cited by: 79
Authors
Papamartzivanos, Dimitrios [1 ]
Gomez Marmol, Felix [2 ]
Kambourakis, Georgios [1 ,3 ]
Affiliations
[1] Univ Aegean, Dept Informat & Commun Syst Engn, Samos 83200, Greece
[2] Univ Murcia, Dept Informat & Commun Engn, Murcia 30100, Spain
[3] George Mason Univ, Comp Sci Dept, Fairfax, VA 22030 USA
Source
Future Generation Computer Systems: The International Journal of eScience | 2018 / Vol. 79
Funding
EU Horizon 2020
Keywords
Intrusion detection systems; Misuse detection; Decision trees; Genetic algorithms; Machine learning; Information systems security; Decision tree; Classification; Model
DOI
10.1016/j.future.2017.09.056
Chinese Library Classification
TP301 [Theory, methods]
Discipline classification code
081202
Abstract
Intrusion detection systems (IDSs) are essential entities in a network topology, aiming to safeguard the integrity and availability of sensitive assets in the protected systems. In misuse detection systems, which are the topic of the paper at hand, the detection process relies on specific attack signatures (rules) to distinguish between legitimate and malicious network traffic. Generally, three major challenges are associated with any IDS of this category: identifying patterns of new attacks with high accuracy, improving the human-readability of the detection rules, and correctly designating the category to which these attacks belong. To this end, we propose Dendron, a methodology for generating new detection rules which are able to classify both common and rare types of attacks. Our methodology takes advantage of both Decision Trees and Genetic Algorithms to evolve linguistically interpretable and accurate detection rules. It also integrates heuristic methods in the evolutionary process, aiming to deal with the challenging nature of network traffic, which generally biases machine learning techniques to neglect the minority classes of a dataset. The experimental results, using the KDDCup'99, NSL-KDD and UNSW-NB15 datasets, reveal that Dendron is able to achieve superior results over other state-of-the-art and legacy techniques under several classification metrics, while at the same time being able to detect rare intrusive incidents. (C) 2017 Elsevier B.V. All rights reserved.
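The abstract describes the general idea of evolving human-readable detection rules with a genetic algorithm and biasing the search so that rare attack classes are not swallowed by the majority class. The following Python sketch is an added illustration of that idea, not the authors' Dendron implementation and not code from the paper: it assumes a rule is a conjunction of feature tests predicting one class, seeds the population with single-condition rules taken from observed feature values (a decision-tree-like split), and uses an F-beta fitness whose beta grows with class rarity as one possible imbalance heuristic. The flow records, feature names and class labels are constructed for the example.

```python
import random

FEATURES = ["duration", "src_bytes", "count", "serror_rate", "num_root"]

# Constructed sample flows (not real traffic, not a published dataset):
# 'normal' is the majority class, 'dos' is common, 'u2r' is rare.
FLOWS = [
    # duration, src_bytes, count, serror_rate, num_root, label
    (10, 1500, 5, 0.0, 0, "normal"),
    (3, 300, 12, 0.0, 0, "normal"),
    (25, 8000, 150, 0.0, 0, "normal"),  # busy but healthy service
    (1, 100, 2, 0.7, 0, "normal"),      # retransmit-heavy, low volume
    (7, 2200, 40, 0.05, 0, "normal"),
    (12, 500, 8, 0.0, 0, "normal"),
    (0, 0, 400, 1.0, 0, "dos"),
    (0, 0, 350, 0.9, 0, "dos"),
    (1, 0, 500, 0.8, 0, "dos"),
    (0, 40, 120, 0.7, 0, "dos"),
    (60, 900, 3, 0.0, 2, "u2r"),        # single privilege-escalation session
]

# A rule is (target_class, [(feature_index, op, threshold), ...]);
# every condition must hold (conjunction), which keeps it human-readable.

def matches(rule, row):
    for f, op, thr in rule[1]:
        if (op == "<=" and not row[f] <= thr) or (op == ">" and not row[f] > thr):
            return False
    return True

def precision_recall(rule, flows):
    target, tp, fp, fn = rule[0], 0, 0, 0
    for row in flows:
        hit, is_target = matches(rule, row), row[-1] == target
        tp += hit and is_target
        fp += hit and not is_target
        fn += (not hit) and is_target
    p = tp / (tp + fp) if tp + fp else 0.0
    r = tp / (tp + fn) if tp + fn else 0.0
    return p, r

def class_counts(flows):
    counts = {}
    for row in flows:
        counts[row[-1]] = counts.get(row[-1], 0) + 1
    return counts

def fitness(rule, flows, b2):
    # F-beta on the target class; b2 = beta^2 > 1 rewards recall on rare
    # classes (assumed imbalance heuristic). Short rules are preferred.
    p, r = precision_recall(rule, flows)
    if p == 0.0 or r == 0.0:
        return 0.0
    return (1 + b2) * p * r / (b2 * p + r) - 0.01 * len(rule[1])

def observed(flows, f):
    return sorted({row[f] for row in flows})

def seed_population(target, flows):
    # Every single-condition rule built from observed values, so the search
    # starts from interpretable, data-grounded splits.
    return [(target, [(f, op, thr)])
            for f in range(len(FEATURES))
            for thr in observed(flows, f)
            for op in ("<=", ">")]

def mutate(rule, flows, rng):
    target, conds = rule[0], list(rule[1])
    i, roll = rng.randrange(len(conds)), rng.random()
    f, op, thr = conds[i]
    if roll < 0.4:
        conds[i] = (f, op, rng.choice(observed(flows, f)))   # move threshold
    elif roll < 0.7:
        conds[i] = (f, ">" if op == "<=" else "<=", thr)     # flip comparison
    elif len(conds) > 1:
        conds.pop(i)                                          # simplify
    return (target, conds)

def crossover(a, b, rng):
    # Child keeps a random subset of both parents' conditions (at most 3).
    pool = list(dict.fromkeys(a[1] + b[1]))
    keep = [c for c in pool if rng.random() < 0.5] or list(a[1])
    return (a[0], keep[:3])

def evolve(target, flows, generations=40, pop_size=80, offspring=40, seed=1):
    rng = random.Random(seed)
    counts = class_counts(flows)
    b2 = max(counts.values()) / counts[target]      # rarer class -> larger beta

    def score(rule):
        return fitness(rule, flows, b2)

    pop = sorted(seed_population(target, flows), key=score, reverse=True)[:pop_size]
    for _ in range(generations):
        parents = pop[: max(2, len(pop) // 2)]      # fitter half breeds
        children = []
        for _ in range(offspring):
            child = crossover(*rng.sample(parents, 2), rng)
            children.append(mutate(child, flows, rng) if rng.random() < 0.5 else child)
        # Truncation selection: the best rule so far always survives (elitism).
        pop = sorted(pop + children, key=score, reverse=True)[:pop_size]
    return pop[0]

def rule_to_text(rule):
    body = " AND ".join(f"{FEATURES[f]} {op} {thr}" for f, op, thr in rule[1])
    return f"IF {body} THEN {rule[0]}"

if __name__ == "__main__":
    for cls in ("dos", "u2r"):
        best = evolve(cls, FLOWS)
        print(rule_to_text(best), precision_recall(best, FLOWS))
```

The point of the class-dependent beta is visible on the constructed data: with a plain F1 objective a rule for the single `u2r` record contributes almost nothing to overall accuracy, whereas the rarity-weighted fitness makes a rule such as `IF num_root > 0 THEN u2r` the top candidate for that class. For `dos`, no single observed-value split is clean (a healthy high-volume service and a low-volume retransmit-heavy flow each confound one feature), so the search has to combine conditions, which is where the crossover step earns its keep.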
Pages: 558-574
Page count: 17