Download Intrusion Detection using Genetic Programming

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
Document related concepts

Nonlinear dimensionality reduction wikipedia , lookup

Transcript 
Intrusion Detection using
Genetic Programming
Presented by Chris Chambers
Overview
General idea:
Body very good at distinguishing between
self/not-self
 Has a memory for old intrusions
 If only IDS’s were that good!
 “It is to be noted that the mechanisms of the
immune system are remarkably complex and
poorly understood, even by immunologists.”
–Dasgupta, Attoh-Okine

Overview
Fuzzy Data Mining and GA Applied to
Intrusion Detection
New Paradigms for ID Using GP
(CHIMERA)
Fuzzy Data Mining and GA
Applied to Intrusion Detection
S. Bridges, R. Vaughn, Mississippi State
University, NISSC 2000
Premise:



Body is good at detecting intrusions by pattern
matching
Can use this for securing systems
Given a learning trace, evolve a program over a
series of generations to detect intrusions
Novel idea:


Using training data and rules develops rules overspecific to training data
Fuzzy rules are less specific
What is fuzziness?
Technique
Fuzzy Data Mining

Fuzzy Association Rules computed for baseline
 Example rule: {time = 11-12pm} => {load = LOW}
 Compared with rules for abnormals
 “Distance” computed

Fuzzy Frequency Episodes
 (grouping data into repetitive sequences)
 Same trick, “distance” computed between series
Technique (con’t)
Misuse Detection expert system also
used

Hardwired rules, like, >3 login attempts
== bad
Genetic Algorithms: used to tune fuzzy
sets
Swiped from
http://csrc.nist.gov/nissc/2000/proceedings/papers/005slide.pdf
Results
Anomaly % == #anomalies detected / #actual anomalies
More Results
Conclusions
GA only used to optimize results
Fuzzy data mining works okay
Fuzzy results 
New Paradigms for Intrusion Detection
Using Genetic Programming
Bob Adolf, 2003 (from Northwestern?)
Premise:



Body is good at detecting intrusions by
pattern matching
Can use this for securing systems
Given a learning trace, evolve a program
over a series of generations to detect
intrusions
Design of CHIMERA
Linear phenome

“string of 1’s and 0’s” vs. “tree program”
Brood Recombination

“lots of kids per parent”
Small mutations

more like life
Code Locality number

Supposed to help crossover
Evaluation of CHIMERA
Cool trace: 3 days long, 20 flagged
intrusions
100 generations, 10k members /
generation, top 100 kept as survivors
Results and Conclusion
Results and Conclusion
Total failure of CHIMERA
Best members not as good as random strings
Code locality numbers didn’t work (no
coherent code blocks)
Conclusion:


GP requires way more resources and generations
than normal programs
IDS is hard for GP. 20 intrusions in a trace of tens
of millions of events is “magnificently sparse”
Final Conclusion
Using GP to Improve IDS:


Still formative
Poorly understood
Related documents
601323 Data Mining
601323 Data Mining
Anomaly Detection Using GAs
Anomaly Detection Using GAs
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
DAFTAR PUSTAKA
DAFTAR PUSTAKA
Some Applications of Fuzzy Logic in Data Mining and Information
Some Applications of Fuzzy Logic in Data Mining and Information
Overview of Part II, CMSC5707 Advanced Topics in Artificial
Overview of Part II, CMSC5707 Advanced Topics in Artificial
customized Microsoft Word 2007 chapter abstract template
customized Microsoft Word 2007 chapter abstract template
Tutorial Details
Tutorial Details
3Jain-Agarwal
3Jain-Agarwal
Document
Document
ppt - Princeton University
ppt - Princeton University
Pattern Recognition, Data Mining, and Image Processing for
Pattern Recognition, Data Mining, and Image Processing for
The First Computational Intelligence Reading of IEEE SMC Student
The First Computational Intelligence Reading of IEEE SMC Student
Fuzzy Alerts
Fuzzy Alerts
Intrusion Detection Based on Swarm Intelligence using mobile agent
Intrusion Detection Based on Swarm Intelligence using mobile agent
A Simple Fuzzy Excitation Control System for Synchronous Generator
A Simple Fuzzy Excitation Control System for Synchronous Generator
chapter 2 - UniMAP Portal
chapter 2 - UniMAP Portal
Petrogenesis of mafic-ultramafic intrusions in the Giles Complex, WA
Petrogenesis of mafic-ultramafic intrusions in the Giles Complex, WA
Intrusion Detection
Intrusion Detection
chapter2
chapter2
chapter 4 survey of data mining techniques
chapter 4 survey of data mining techniques
PPT
PPT