%0 Conference Paper %1 conf/icnc/YinTHH05 %A Yin, Chuanhuan %A Tian, Shengfeng %A Huang, Houkuan %A He, Jun %B Advances in Natural Computation, First International Conference, ICNC 2005, Proceedings, Part III %C Changsha, China %D 2005 %E Wang, Lipo %E Chen, Ke %E Ong, Yew-Soon %I Springer %K algorithms, genetic programming %P 323--331 %R doi:10.1007/11539902_38 %T Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection %V 3612 %X The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. But the presence of simulation artifacts attributes would cause many attacks in this dataset to be easily detected. In order to eliminate their influence on intrusion detection, we simply omit these attributes in the processes of both training and testing. We also present a GP-based rule learning approach for detecting attacks on network. GP is used to evolve new rules from the initial learned rules through genetic operations. Our results show that GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifacts attributes. %@ 3-540-28320-X

@inproceedings{conf/icnc/YinTHH05, abstract = {The DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation data set is the most widely used public benchmark for testing intrusion detection systems. But the presence of simulation artifacts attributes would cause many attacks in this dataset to be easily detected. In order to eliminate their influence on intrusion detection, we simply omit these attributes in the processes of both training and testing. We also present a GP-based rule learning approach for detecting attacks on network. GP is used to evolve new rules from the initial learned rules through genetic operations. Our results show that GP-based rule learning approach outperforms the original rule learning algorithm, detecting 84 of 148 attacks at 100 false alarms despite the absence of several simulation artifacts attributes.}, added-at = {2008-06-19T17:35:00.000+0200}, address = {Changsha, China}, author = {Yin, Chuanhuan and Tian, Shengfeng and Huang, Houkuan and He, Jun}, bibdate = {2005-08-01}, bibsource = {DBLP, http://dblp.uni-trier.de/db/conf/icnc/icnc2005-3.html#YinTHH05}, biburl = {https://www.bibsonomy.org/bibtex/284fac904facf47f5e83ebc0b59165e0a/brazovayeye}, booktitle = {Advances in Natural Computation, First International Conference, ICNC 2005, Proceedings, Part III}, doi = {doi:10.1007/11539902_38}, editor = {Wang, Lipo and Chen, Ke and Ong, Yew-Soon}, interhash = {608a138543786131b6607c47ad9ff4de}, intrahash = {84fac904facf47f5e83ebc0b59165e0a}, isbn = {3-540-28320-X}, keywords = {algorithms, genetic programming}, month = {August 27-29}, pages = {323--331}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, size = {9 pages}, timestamp = {2008-06-19T17:54:54.000+0200}, title = {Applying Genetic Programming to Evolve Learned Rules for Network Anomaly Detection}, volume = 3612, year = 2005 }