Analysis of an Off-Line Intrusion Detection System: A Case Study in Multi-Objective Genetic Algorithms

Pedro A. Diaz-Gomez, Universidad El Bosque; and Dean F. Hougen, University of Oklahoma

A primary approach to computer security is the Intrusion Detection System (IDS). Off-line intrusion detection can be accomplished by searching audit trail logs of user activities for matches to patterns of events required for known attacks. Because such search is NP-complete, heuristic methods will need to be employed as databases of events and attacks grow. Genetic Algorithms (GAs) can provide appropriate heuristic search methods. However, balancing the need to detect all possible attacks in an audit trail with the need to avoid warnings of attacks that do not exist is a challenge, given the scalar fitness values required by GAs. A case study of a previously proposed GA-based IDS shows this difficulty with respect to its fitness function and proposes a new method to overcome it. Such analysis can be of benefit to the study of other multi-objective GAs.

This page is copyrighted by AAAI. All rights reserved. Your use of this site constitutes acceptance of all of AAAI's terms and conditions and privacy policy.