Web Anomaly Host-Based IDS, Using Computational Intelligence Approach

Javadzadeh, Ghazaleh | 2012

  1. Type of Document: M.Sc. Thesis
  2. Language: English
  3. Document No: 42873 (52)
  4. University: Sharif University of Technology, International Campus, Kish Island
  5. Department: Science and Engineering
  6. Advisor(s): Azmi, Reza
  7. Abstract: In this thesis we propose a two-layer hybrid fuzzy genetic algorithm for designing an anomaly-based Intrusion Detection System. The proposed algorithm is based on two basic Genetic-Based Machine Learning styles (i.e. Pittsburgh and Michigan). The algorithm supports multiple attack classification: it is able to detect five classes of network patterns, consisting of Denial of Service, Remote to Local, User to Root, Probing and Normal.
    Our proposed algorithm has two approaches. In the first approach we choose the Pittsburgh style as the base of the algorithm, which provides a global search, and then combine it with the Michigan style to support local search. In this approach the algorithm is run for each class and the generated rules are gathered into a bigger rule set. As the experimental results on the NSL-KDD dataset show, this approach can converge to a classification accuracy of about 98.2% with 0.5% false alarms in 50 iterations. To improve the performance of the proposed algorithm, we take advantage of a memetic approach and propose an enhanced version of our algorithm. We use elitism to keep the efficiency of our algorithm, while using random patterns to produce varied generations in different iterations of the genetic algorithm. Producing the result for each class in this approach is the same as in the previous one, while the final result is formed in a different way. The produced rule set contains an improved generation of the elite rules of each class, so it has the same ability for multiple attack classification as the basic approach. In this approach, with a small decline in classification accuracy, the computational time in the test phase of the algorithm is reduced by about 80% relative to the time needed for the basic approach. We also obtain about a 20% reduction in total computational time, consisting of the test and train phases.
  8. Keywords: Intrusion Detection System; Fuzzy-Genetic System; Soft Computation; Computational Intelligent Technique; Multiple Attacks Classification