| Authors: |
James V. Hansen
and Paul Benjamin Lowry
and Rayman D. Meservy
and Daniel M. McDonald
|
| Tags: |
Cyberterrorism,
Homologous
Information
Intrusion
Pattern
algorithms,
crossover,
detection,
genetic
programming,
recognition,
security
|
| Abstract: |
Because malicious intrusions into critical information
infrastructures are essential to the success of
cyberterrorists, effective intrusion detection is also
essential for defending such infrastructures.
Cyberterrorism thrives on the development of new
technologies; and, in response, intrusion detection
methods must be robust and adaptive, as well as
efficient. We hypothesise that genetic programming
algorithms can aid in this endeavour. To investigate
this proposition, we conducted an experiment using a
very large dataset from the 1999 Knowledge Discovery in
Database (KDD) Cup data, supplied by the Defense
Advanced Research Projects Agency (DARPA) and MIT's
Lincoln Laboratories. Using machine-coded linear
genomes and a homologous crossover operator in genetic
programming, promising results were achieved in
detecting malicious intrusions. The resulting programs
execute in real time, and high levels of accuracy were
realised in identifying both positive and negative
instances. |
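@article{Hansen:2006:DSS,
  author   = {Hansen, James V. and Lowry, Paul Benjamin and Meservy, Rayman D. and McDonald, Daniel M.},
  title    = {Genetic programming for prevention of cyberterrorism
              through dynamic and evolving intrusion detection},
  journal  = {Decision Support Systems},
  volume   = {43},
  number   = {4},
  pages    = {1362--1374},
  month    = aug,
  year     = {2007},
  note     = {Special Issue Clusters},
  doi      = {10.1016/j.dss.2006.04.004},
  keywords = {Cyberterrorism, Homologous Information Intrusion Pattern algorithms, crossover, detection, genetic programming, recognition, security},
  abstract = {Because malicious intrusions into critical information
              infrastructures are essential to the success of
              cyberterrorists, effective intrusion detection is also
              essential for defending such infrastructures.
              Cyberterrorism thrives on the development of new
              technologies; and, in response, intrusion detection
              methods must be robust and adaptive, as well as
              efficient. We hypothesise that genetic programming
              algorithms can aid in this endeavour. To investigate
              this proposition, we conducted an experiment using a
              very large dataset from the 1999 Knowledge Discovery in
              Database (KDD) Cup data, supplied by the Defense
              Advanced Research Projects Agency (DARPA) and MIT's
              Lincoln Laboratories. Using machine-coded linear
              genomes and a homologous crossover operator in genetic
              programming, promising results were achieved in
              detecting malicious intrusions. The resulting programs
              execute in real time, and high levels of accuracy were
              realised in identifying both positive and negative
              instances.},
  annote   = {Reviewer note: the experiment relies on the KDD Cup 1999
              data, which is derived from the 1998 DARPA/Lincoln
              Laboratory simulated network captures. That data set is
              widely reported to contain many redundant records and
              simulation artefacts, so detection accuracy measured on
              it should be re-validated on current, representative
              traffic before it is relied on operationally.},
}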