Autonomous Rule Creation for Intrusion Detection
Many computational intelligence techniques for anomaly based network intrusion detection can be found in literature. Translating a newly discovered intrusion recognition criteria into a distributable rule can be a human intensive effort. This paper explores a multi-modal genetic algorithm solution for autonomous rule creation. This algorithm focuses on the process of creating rules once an intrusion has been identified, rather than the evolution of rules to provide a solution for intrusion detection. The algorithm was demonstrated on anomalous ICMP network packets (input) and Snort rules (output of the algorithm). Output rules were sorted according to a fitness value and any duplicates were removed. The experimental results on ten test cases demonstrated a 100 percent rule alert rate. Out of 33,804 test packets 3 produced false positives. Each test case produced a minimum of three rule variations that could be used as candidates for a production system.
- Research Organization:
- Idaho National Laboratory (INL)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC07-05ID14517
- OSTI ID:
- 1023508
- Report Number(s):
- INL/CON-10-20413
- Country of Publication:
- United States
- Language:
- English
Similar Records
Applying Fast String Matching to Intrusion Detection
Security Evaluation of Two Intrusion Detection Systems in Smart Grid SCADA Environment