Applying Genetic Programming to Evolve Learned Rules
for Network Anomaly Detection
C. Yin, S. Tian, H. Huang, and J. He. Advances in Natural Computation, First International
Conference, ICNC 2005, Proceedings, Part III, volume 3612 of Lecture Notes in Computer Science, pages 323--331. Changsha, China, Springer, (August 2005)
DOI: 10.1007/11539902_38
Abstract
The DARPA/MIT Lincoln Laboratory off-line intrusion
detection evaluation data set is the most widely used
public benchmark for testing intrusion detection
systems. But the presence of simulation artifacts
attributes would cause many attacks in this dataset to
be easily detected. In order to eliminate their
influence on intrusion detection, we simply omit these
attributes in the processes of both training and
testing. We also present a GP-based rule learning
approach for detecting attacks on network. GP is used
to evolve new rules from the initial learned rules
through genetic operations. Our results show that
GP-based rule learning approach outperforms the
original rule learning algorithm, detecting 84 of 148
attacks at 100 false alarms despite the absence of
several simulation artifacts attributes.
%0 Conference Paper
%1 conf/icnc/YinTHH05
%A Yin, Chuanhuan
%A Tian, Shengfeng
%A Huang, Houkuan
%A He, Jun
%B Advances in Natural Computation, First International
Conference, ICNC 2005, Proceedings, Part III
%C Changsha, China
%D 2005
%E Wang, Lipo
%E Chen, Ke
%E Ong, Yew-Soon
%I Springer
%K algorithms, genetic programming
%P 323--331
%R doi:10.1007/11539902_38
%T Applying Genetic Programming to Evolve Learned Rules
for Network Anomaly Detection
%V 3612
%X The DARPA/MIT Lincoln Laboratory off-line intrusion
detection evaluation data set is the most widely used
public benchmark for testing intrusion detection
systems. But the presence of simulation artifacts
attributes would cause many attacks in this dataset to
be easily detected. In order to eliminate their
influence on intrusion detection, we simply omit these
attributes in the processes of both training and
testing. We also present a GP-based rule learning
approach for detecting attacks on network. GP is used
to evolve new rules from the initial learned rules
through genetic operations. Our results show that
GP-based rule learning approach outperforms the
original rule learning algorithm, detecting 84 of 148
attacks at 100 false alarms despite the absence of
several simulation artifacts attributes.
%@ 3-540-28320-X
@inproceedings{conf/icnc/YinTHH05,
abstract = {The DARPA/MIT Lincoln Laboratory off-line intrusion
detection evaluation data set is the most widely used
public benchmark for testing intrusion detection
systems. But the presence of simulation artifacts
attributes would cause many attacks in this dataset to
be easily detected. In order to eliminate their
influence on intrusion detection, we simply omit these
attributes in the processes of both training and
testing. We also present a GP-based rule learning
approach for detecting attacks on network. GP is used
to evolve new rules from the initial learned rules
through genetic operations. Our results show that
GP-based rule learning approach outperforms the
original rule learning algorithm, detecting 84 of 148
attacks at 100 false alarms despite the absence of
several simulation artifacts attributes.},
added-at = {2008-06-19T17:35:00.000+0200},
address = {Changsha, China},
author = {Yin, Chuanhuan and Tian, Shengfeng and Huang, Houkuan and He, Jun},
bibdate = {2005-08-01},
bibsource = {DBLP,
http://dblp.uni-trier.de/db/conf/icnc/icnc2005-3.html#YinTHH05},
biburl = {https://www.bibsonomy.org/bibtex/284fac904facf47f5e83ebc0b59165e0a/brazovayeye},
booktitle = {Advances in Natural Computation, First International
Conference, ICNC 2005, Proceedings, Part III},
doi = {doi:10.1007/11539902_38},
editor = {Wang, Lipo and Chen, Ke and Ong, Yew-Soon},
interhash = {608a138543786131b6607c47ad9ff4de},
intrahash = {84fac904facf47f5e83ebc0b59165e0a},
isbn = {3-540-28320-X},
keywords = {algorithms, genetic programming},
month = {August 27-29},
pages = {323--331},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
size = {9 pages},
timestamp = {2008-06-19T17:54:54.000+0200},
title = {Applying Genetic Programming to Evolve Learned Rules
for Network Anomaly Detection},
volume = 3612,
year = 2005
}