Intrusion Detection System
B95901153 薛仲翔, B96901038 郭建言
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
Security Audit
Generate, record, review, and then sort the system events for security purposes:
‧ System monitoring
‧ Avoiding misuse
‧ Event reconstruction
‧ Accountability
‧ Damage assessment and recovery
The Development of IDS
‧ In the 1950s, a document of requirements for Electronic Data Processing (EDP) audit was defined.
‧ In the 1970s, audit processing was subsumed into the "Trusted Computer System Evaluation Criteria".
The Development of IDS (cont.)
‧ Audit reduction
‧ Distinguishing risks from threats
‧ Statistical analysis
‧ Masquerade attacks
‧ Intrusion detection systems after the 1980s: Discovery, Haystack, MIDAS, NADIR, NSM, etc.
‧ Commercial products
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
Architecture
‧ Functional devices: information source, analysis engine, response component
‧ Separate the audit system from the audited system:
  - An intruder may shut down the IDS.
  - Audit records may be altered or deleted.
  - Reduce the load of the IDS.
Strategies
‧ Information source, or event generator:
  - Host-based
  - Network-based
  - Application-based
  - Target-based
Strategies (cont.)
‧ Analysis:
  - Misuse
  - Anomaly
‧ Response:
  - Accountability
  - Log
  - Alarm the administrator
  - Adjust the IDS or the intruded system
  - Notify routers and/or firewalls
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
Genetic Algorithm (GA)
[Figure: a population of binary chromosomes, with crossover and mutation illustrated on 6-bit strings whose offspring are labelled "higher fitness" or "lower fitness". Simple GA flow, after Prof. Tian-Li Yu.]
‧ Simple GA flow: Initialization -> Evaluation -> Selection -> Crossover -> Mutation -> Replacement, repeated until termination.
‧ GA is a kind of global hill-climbing algorithm.
Why Genetic Algorithm (GA)?
‧ Misuse detection is not handled well, because it needs continuous updating.
‧ A system based on GA can easily be re-trained.
‧ The space of potential solutions is truly huge; GAs cope with it thanks to the parallelism that lets them implicitly evaluate many schemas at once.
System Implementation (developed by Banković et al.)
‧ Rule-based IDS: if-then rules are trained to recognize normal connections.
  - Multi Expression Programming (MEP) is applied to construct the rules.
  - Very low false-positive rate
‧ Linear classifier: classifies connections into normal ones and potential attacks.
  - Low false-negative rate
  - High false-positive rate -> its decisions have to be re-checked (by the rule-based IDS).
System Implementation: linear classifier
‧ Population = 1000; generations = 300
‧ The features used to describe an attack:
  gene[1]*duration + gene[2]*src_bytes + gene[3]*dst_host_srv_serr_rate < gene[4]
‧ Fitness function: using the squared percentage achieves better performance.
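To make the GA flow and the linear classifier concrete, here is an added example (not code from the slides or from Banković et al.) that evolves the four genes of the inequality above over a handful of constructed KDD-style connection records. Everything beyond the slide's inequality is an assumption for this example: the inequality holding is read as "attack", genes are real numbers bounded by GENE_RANGE, fitness is the squared fraction of correctly classified records, and the operators (tournament selection, one-point crossover, Gaussian mutation, elitism) are textbook ones rather than the paper's.

```python
"""Added example, not code from the slides or from Banković et al.: a small
genetic algorithm that evolves the four genes of the slide's linear classifier,
gene[1]*duration + gene[2]*src_bytes + gene[3]*dst_host_srv_serr_rate < gene[4],
over constructed KDD-style connection records.  Assumptions: the inequality
holding means "attack", genes are real numbers in GENE_RANGE, fitness is the
squared fraction of correctly classified records, and the GA operators are
the textbook ones (tournament selection, one-point crossover, Gaussian
mutation, elitism), not the paper's."""
import random

GENE_RANGE = (-10.0, 10.0)   # assumed bounds for every gene

# Constructed records: (duration, src_bytes, dst_host_srv_serr_rate, is_attack).
# The attack rows imitate a SYN-flood-like pattern: zero-length connections
# with a high SYN-error rate towards the destination host's service.
RECORDS = [
    (0, 181, 0.0, 0), (2, 239, 0.0, 0), (0, 235, 0.0, 0), (5, 1032, 0.0, 0),
    (1, 310, 0.1, 0), (0, 520, 0.0, 0), (12, 2048, 0.0, 0), (0, 146, 0.0, 0),
    (0, 0, 1.0, 1), (0, 0, 0.9, 1), (0, 0, 1.0, 1), (0, 8, 0.8, 1),
    (0, 0, 1.0, 1), (1, 0, 0.7, 1), (0, 0, 0.95, 1), (0, 0, 0.85, 1),
]


def classify(gene, rec):
    """Return 1 (attack) when the slide's inequality holds, else 0 (normal)."""
    duration, src_bytes, serr_rate, _label = rec
    score = gene[0] * duration + gene[1] * src_bytes + gene[2] * serr_rate
    return 1 if score < gene[3] else 0


def fitness(gene, records):
    """Squared fraction of correctly classified records (assumed fitness)."""
    correct = sum(classify(gene, r) == r[3] for r in records)
    pct = correct / len(records)
    return pct * pct


def tournament(pop, scores, rng, k=3):
    """Selection: draw k random individuals, return the fittest of them."""
    idx = rng.sample(range(len(pop)), k)
    return pop[max(idx, key=lambda i: scores[i])]


def crossover(a, b, rng):
    """One-point crossover of two gene lists; returns two children."""
    cut = rng.randint(1, len(a) - 1)
    return a[:cut] + b[cut:], b[:cut] + a[cut:]


def mutate(gene, rng, rate=0.2):
    """Gaussian mutation of each gene with probability `rate`, clamped to range."""
    lo, hi = GENE_RANGE
    return [min(hi, max(lo, g + rng.gauss(0.0, 1.0))) if rng.random() < rate else g
            for g in gene]


def evolve(records, pop_size=80, generations=60, seed=1):
    """Simple GA flow: initialize, then evaluate/select/crossover/mutate/replace
    until a perfect classifier is found or the generation budget is spent.
    Returns (best gene list, its fitness)."""
    rng = random.Random(seed)
    lo, hi = GENE_RANGE
    pop = [[rng.uniform(lo, hi) for _ in range(4)] for _ in range(pop_size)]
    best, best_fit = None, -1.0
    for _ in range(generations):
        scores = [fitness(g, records) for g in pop]          # evaluation
        gen_best = max(range(pop_size), key=lambda i: scores[i])
        if scores[gen_best] > best_fit:
            best, best_fit = list(pop[gen_best]), scores[gen_best]
        if best_fit == 1.0:
            break                      # termination: nothing left to improve
        next_pop = [list(best)]        # elitism: keep the best seen so far
        while len(next_pop) < pop_size:
            c1, c2 = crossover(tournament(pop, scores, rng),
                               tournament(pop, scores, rng), rng)
            next_pop.append(mutate(c1, rng))
            if len(next_pop) < pop_size:
                next_pop.append(mutate(c2, rng))
        pop = next_pop                 # replacement
    return best, best_fit


if __name__ == "__main__":
    gene, fit = evolve(RECORDS)
    print("best genes:", [round(g, 2) for g in gene], "fitness:", round(fit, 3))
```

The slide's population of 1000 and 300 generations would be overkill for sixteen records, so the defaults here are smaller; the seed makes a run reproducible, which matters when comparing fitness definitions such as the plain versus squared percentage.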
System Implementation: rule-based IDS
‧ Fitness function: F-measure
‧ If-then rules are trained to recognize normal connections.
‧ Multi Expression Programming (MEP) is applied to construct the rules.
‧ Very low false-positive rate
[Figure: a rule, shown as the fields Service, Hot, Logged, Threshold.]
Sample rule used to identify normal connections:
-----------------------------------------------------------------
If (service == "http" and hot == "0" and logged_in == "0")
    Then normal
Results
The experimental results of the whole system:
‧ Trained on 250000 of the 491021 records in "KDD_10_percent"
‧ Retrained on the remaining records from KDD_10_percent
Discussion
‧ Advantage: the training process and the detection of intrusions are faster while a high detection rate is maintained, because only six features are used for training.
‧ Drawback: the distribution of attacks and normal connections in the dataset is not very realistic [7]: only 20% of the training data set consists of normal connections, while in the real world the situation is quite the opposite, as the percentage of normal packets greatly exceeds the percentage of intrusive ones.
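The following added example (not code from the slides or from Banković et al.) ties together the rule-based IDS slide and the Discussion slide: it scores a small rule set of the "If (...) Then normal" form with the F-measure, uses that rule set to re-check the linear classifier's "potential attack" decisions as the two-stage design requires, and computes what a given detection rate and false-positive rate mean for alert precision once the attack fraction changes from the dataset's 80% to a realistic 1%. The connection records, the rule set beyond the slide's sample rule, the linear classifier's flags and the rates are constructed, and treating "normal" as the positive class for the F-measure is an assumption.

```python
"""Added example, not code from the slides or from Banković et al.: F-measure
scoring of if-then rules, re-checking linear-classifier alerts against the
rule set, and the effect of the attack/normal ratio on alert precision.
Assumptions: rules are conjunctions of feature == value tests and any matching
rule means "normal"; "normal" is the positive class for the F-measure; all
records, rules, flags and rates below are constructed."""

# Constructed connection records in the KDD feature style.
CONNECTIONS = [
    {"service": "http", "hot": 0, "logged_in": 0, "label": "normal"},
    {"service": "http", "hot": 0, "logged_in": 0, "label": "normal"},
    {"service": "http", "hot": 0, "logged_in": 1, "label": "normal"},
    {"service": "smtp", "hot": 0, "logged_in": 1, "label": "normal"},
    {"service": "ftp_data", "hot": 0, "logged_in": 1, "label": "normal"},
    {"service": "http", "hot": 3, "logged_in": 0, "label": "attack"},
    {"service": "telnet", "hot": 2, "logged_in": 1, "label": "attack"},
    {"service": "private", "hot": 0, "logged_in": 0, "label": "attack"},
    {"service": "private", "hot": 0, "logged_in": 0, "label": "attack"},
    {"service": "ecr_i", "hot": 0, "logged_in": 0, "label": "attack"},
]

# Rule set: the first entry is the slide's sample rule, the others are made up.
RULES = [
    {"service": "http", "hot": 0, "logged_in": 0},
    {"service": "http", "hot": 0, "logged_in": 1},
    {"service": "smtp", "hot": 0, "logged_in": 1},
]

# Constructed output of the linear classifier for CONNECTIONS (True = potential
# attack): it catches every attack but also flags two normal connections,
# mirroring the slide's "low false-negative, high false-positive" description.
LINEAR_FLAGS = [True, False, False, False, True, True, True, True, True, True]


def rule_matches(rule, conn):
    """A rule fires when every feature == value test holds for the connection."""
    return all(conn[field] == value for field, value in rule.items())


def rules_say_normal(rules, conn):
    """If (...) Then normal: any matching rule classifies the connection normal."""
    return any(rule_matches(r, conn) for r in rules)


def f_measure(rules, conns):
    """F-measure of the rule set, taking "normal" as the positive class."""
    tp = fp = fn = 0
    for c in conns:
        predicted = rules_say_normal(rules, c)
        actual = c["label"] == "normal"
        if predicted and actual:
            tp += 1
        elif predicted:
            fp += 1
        elif actual:
            fn += 1
    if tp == 0:
        return 0.0
    precision, recall = tp / (tp + fp), tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def two_stage_alerts(linear_flags, rules, conns):
    """Stage 1 flags potential attacks; stage 2 drops any flagged connection
    that the (very low false-positive) rule set recognises as normal."""
    return [c for flag, c in zip(linear_flags, conns)
            if flag and not rules_say_normal(rules, c)]


def alert_precision(detection_rate, false_positive_rate, attack_fraction):
    """Share of alerts that are real attacks when `attack_fraction` of the
    traffic is hostile.  Rates measured on a set that is 80% attacks do not
    carry over to real traffic where normal connections dominate."""
    true_alerts = detection_rate * attack_fraction
    false_alerts = false_positive_rate * (1.0 - attack_fraction)
    return true_alerts / (true_alerts + false_alerts)


if __name__ == "__main__":
    print("rule-set F-measure:", round(f_measure(RULES, CONNECTIONS), 3))
    alerts = two_stage_alerts(LINEAR_FLAGS, RULES, CONNECTIONS)
    print("alerts after re-check:", len(alerts),
          "of which real:", sum(a["label"] == "attack" for a in alerts))
    for frac in (0.8, 0.01):
        print(f"attack fraction {frac:.2f}: alert precision",
              round(alert_precision(0.95, 0.05, frac), 3))
```

On the constructed records the rule set reaches an F-measure of 8/9 (one normal ftp_data connection is not covered by any rule), the re-check removes one of the linear classifier's two false alarms, and the same 95%/5% rates that give about 99% alert precision at the dataset's attack fraction drop to about 16% when only 1% of traffic is hostile, which is the Discussion slide's concern in numbers.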
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
The Implementation of IDS with Some Popular Methods
References
‧ Ludovic Mé, GASSATA, A Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis, 2000
‧ Zorana Banković et al., A Genetic Algorithm-based Solution for Intrusion Detection, 2009
‧ Rebecca Gurley Bace, 駭客入侵偵測專業手冊 (Professional Handbook of Hacker Intrusion Detection; Chinese translation by 賴冠州), 旗標出版社 (Flag Publishing), 2001