Search for: intrusion-detection-systems
Total 54 records

    Intrusion detection in computer networks using tabu search based Fuzzy system

    Article 2008 7th IEEE International Conference on Cybernetic Intelligent Systems, CIS 2008, London, 9 September 2008 through 10 September 2008 ; March , 2008 ; 9781424429141 (ISBN) Mohamadi, H ; Habibi, J ; Saadi, H ; Sharif University of Technology
    2008
    Abstract
    The process of scanning the events occurring in a computer system or network and analyzing them for warning of intrusions is known as intrusion detection system (IDS). This paper presents a new intrusion detection system based on tabu search based fuzzy system. Here, we use tabu search algorithm to effectively explore and exploit the large state space associated with intrusion detection as a complicated classification problem. Experiments were performed on KDD-Cup99 data set which has information about intrusive and normal behaviors on computer networks. Results show that the proposed method obtains notable accuracy and lower cost in comparison with several renowned algorithms  

    RT-UNNID: A practical solution to real-time network-based intrusion detection using unsupervised neural networks

    Article Computers and Security ; Volume 25, Issue 6 , 2006 , Pages 459-468 ; 01674048 (ISSN) Amini, M ; Jalili, R ; Shahriari, H. R ; Sharif University of Technology
    2006
    Abstract
    With the growing rate of network attacks, intelligent methods for detecting new attacks have attracted increasing interest. The RT-UNNID system, introduced in this paper, is one such system, capable of intelligent real-time intrusion detection using unsupervised neural networks. Unsupervised neural nets can improve their analysis of new data over time without retraining. In previous work, we evaluated Adaptive Resonance Theory (ART) and Self-Organizing Map (SOM) neural networks using offline data. In this paper, we present a real-time solution using unsupervised neural nets to detect known and new attacks in network traffic. We evaluated our approach using 27 types of attack, and observed... 

    A content-based deep intrusion detection system

    Article International Journal of Information Security ; 2021 ; 16155262 (ISSN) Soltani, M ; Siavoshani, M. J ; Jahangir, A. H ; Sharif University of Technology
    Springer Science and Business Media Deutschland GmbH  2021
    Abstract
    The growing number of Internet users and the prevalence of web applications make it necessary to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, leading to an increase in cyber threats and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there are many studies on using learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks...

    Improving SQL Injection Detection Techniques

    M.Sc. Thesis Sharif University of Technology Dolatnezhad, Somayeh (Author) ; Amini, Morteza (Supervisor)
    Abstract
    SQL injection is one of the most important security threats in web applications with backend SQL-based database. An attacker can abuse an application’s vulnerability to change the queries sent from the application to the database. Many techniques and frameworks have been proposed for detecting and preventing SQL injection. But most of them cannot detect all types of SQL injection such as second-order attacks. In this thesis, we propose a new method to detect and prevent all types of this attack. The proposed method is a kind of anomaly-based intrusion detection method and could be considered as a proxy between the application server and the database server. The proposed method can detect...

    A Formal Method for Intrusion Detection in Industrial Control Protocols

    M.Sc. Thesis Sharif University of Technology Abdi, Hamid Reza (Author) ; Izadi, Mohammad (Supervisor)
    Abstract
    SCADA controls, audits and accesses data but is only attributed for controlling and carrying out measurements on a large scale. In the SCADA, gathering of information starts from the PLC and after interpretation morphs into a format that can be shown to the user of the control room. In the SCADA system, many protocols are used to exchange information amongst logical controller units like DNP3, Profibus and Modbus. Many of the aforementioned protocols have been upgraded and are used in the Internet. The use in the Internet has led to vulnerability of SCADA from Internet hackers. Consequently, securing the SCADA system is essential for nationally sensitive structures. The goal of this thesis... 

    Detection of DDOS Attacks in Network Traffic through Clustering based and Machine Learning Classification

    M.Sc. Thesis Sharif University of Technology Kazim Al Janabi, Ali Hossein (Author) ; Peyvandi, Hossein (Supervisor)
    Abstract
    Today, with the development of technology, cyberattacks are on the rise. Personal and corporate computer systems can be exposed to various threats and dangers of hackers and malware, including information theft, forgery, and denial of service, which can cause great material and moral damage to individuals and organizations. So, it is necessary to take security measures in this regard. Many security mechanisms are available to prevent security vulnerabilities against various threats. In this study, first, after carefully studying network attacks, we identify the criteria for identifying attacks that can be executed in network traffic and explain how to calculate them. The current research... 

    Design and analysis of genetic fuzzy systems for intrusion detection in computer networks

    Article Expert Systems with Applications ; Volume 38, Issue 6 , June , 2011 , Pages 7067-7075 ; 09574174 (ISSN) Abadeh, M. S ; Mohamadi, H ; Habibi, J ; Sharif University of Technology
    2011
    Abstract
    The capability of fuzzy systems to solve different kinds of problems has been demonstrated in several previous investigations. Genetic fuzzy systems (GFSs) hybridize the approximate reasoning method of fuzzy systems with the learning capability of evolutionary algorithms. The objective of this paper is the design and analysis of various kinds of genetic fuzzy systems to deal with the intrusion detection problem as a new real-world application area which has not previously been tackled with GFSs. The resulting intrusion detection system would be capable of detecting normal and abnormal behaviors in computer networks. We have presented three kinds of genetic fuzzy systems based on Michigan, Pittsburgh and...

    IDuFG: Introducing an intrusion detection using hybrid fuzzy genetic approach

    Article International Journal of Network Security ; Volume 17, Issue 6 , 2015 , Pages 754-770 ; 1816353X (ISSN) Javadzadeh, G ; Azmi, R ; Sharif University of Technology
    Femto Technique Co., Ltd  2015
    Abstract
    In this paper, we propose a hybrid approach for designing Intrusion Detection Systems. This approach is based on a Fuzzy Genetic Machine Learning Algorithm to generate fuzzy rules. The rules are able to solve the classification problem in designing an anomaly IDS. The proposed approach supports multiple attack classification. This means that it is able to detect five classes consisting of Denial of Service, Remote to Local, User to Root, Probing and normal classes. We present a two-layer optimization approach based on Pittsburgh style and then combine it with Michigan style. To improve the performance of the proposed system, we take advantage of a memetic approach and propose an enhanced version...

    Misuse detection via a novel hybrid system

    Article EMS 2009 - UKSim 3rd European Modelling Symposium on Computer Modelling and Simulation, 25 November 2009 through 27 November 2009, Athens ; 2009 , Pages 11-16 ; 9780769538860 (ISBN) Foroughifar, A ; Abadeh, M. S ; Momenzadeh, A ; Pouyan, M. B ; Sharif University of Technology
    Abstract
    Intrusion detection systems (IDS) are tools located inside computer networks that analyze the network traffic. In this paper, a novel fuzzy-evolutionary system is presented to effectively detect intrusion in computer networks. This system utilizes a hybridization of simulated annealing heuristic and tabu search algorithm to improve the accuracy of fuzzy if-then rules as intrusion detectors. Each of these algorithms has its advantages and disadvantages. Using the hybrid model of both algorithms, the proposed system employs the good features of them to improve the accuracy of obtained rules. Evaluation of the proposed system is done on the KDDCup99 Dataset which has information about...

    Feature selection and intrusion detection in cloud environment based on machine learning algorithms

    Article Proceedings - 15th IEEE International Symposium on Parallel and Distributed Processing with Applications and 16th IEEE International Conference on Ubiquitous Computing and Communications, ISPA/IUCC 2017 ; 25 May , 2018 , Pages 1417-1421 ; 9781538637906 (ISBN) Javadpour, A ; Kazemi Abharian, S ; Wang, G ; Sharif University of Technology
    Institute of Electrical and Electronics Engineers Inc  2018
    Abstract
    Characteristics and way of behavior of attacks and infiltrators on computer networks are usually very difficult and need an expert. In addition, with the advancement of computer networks, the number of attacks and infiltrations is also increasing. In fact, the knowledge coming from an expert will lose its value over time and must be updated and made available to the system, and this makes the need for an expert person always felt. In machine learning techniques, knowledge is extracted from the data itself, which has diminished the role of the expert. Various methods used to detect intrusions, such as statistical models, safe system approach, neural networks, etc., all weaken the fact that it uses all the...

    A bayesian game approach for preventing DoS attacks in wireless sensor networks

    Article Proceedings - 2009 WRI International Conference on Communications and Mobile Computing, CMC 2009, 6 January 2009 through 8 January 2009, Kunming, Yunnan ; Volume 3 , 2009 , Pages 507-511 ; 9780769535012 (ISBN) Mohi, M ; Movaghar, A ; Zadeh, P. M ; Sharif University of Technology
    2009
    Abstract
    Wireless sensor networks (WSNs) are a new technology, foreseen to be used increasingly in the near future, and security is an important issue for them. However, because of the nodes' resource limitations, other schemes proposed for securing general ad hoc networks are not appropriate for WSNs. Usually some nodes act maliciously and they are able to do different kinds of DoS attacks. In order to make the network more secure, malicious nodes should be isolated from the network. In this paper, we model the interaction of nodes in WSN and intrusion detection system (IDS) as a Bayesian game formulation and use this idea to make a secure routing protocol. By this approach nodes are motivated to act...

    Misuse intrusion detection using a fuzzy-metaheuristic approach

    Article 2nd Asia International Conference on Modelling and Simulation, AMS 2008, Kuala Lumpur, 13 May 2008 through 15 May 2008 ; 2008 , Pages 439-444 ; 9780769531366 (ISBN) Mohamadi, H ; Habibi, J ; Saniee Abadeh, M ; Sharif University of Technology
    2008
    Abstract
    In this paper, we use simulated annealing heuristics for constructing an intrusion detection system (IDS). The proposed IDS combines the learning ability of simulated annealing heuristics with the approximate reasoning method of fuzzy systems. The use of simulated annealing is an effort to effectively explore the large search space related to intrusion detection problems, and find the optimum set of fuzzy if-then rules. The aim of this paper is to present the capability of simulated annealing based fuzzy system to deal with intrusion detection classification problem as a new real-world application area. Experiments were performed with KDD-Cup99 intrusion detection benchmark data set. © 2008... 

    Computer intrusion detection using an iterative fuzzy rule learning approach

    Article 2007 IEEE International Conference on Fuzzy Systems, FUZZY, London, 23 July 2007 through 26 July 2007 ; 2007 ; 10987584 (ISSN) ; 1424412102 (ISBN); 9781424412105 (ISBN) Saniee Abadeh, M ; Habibi, J ; Sharif University of Technology
    2007
    Abstract
    The process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions is known as intrusion detection system (IDS). The objective of this paper is to extract fuzzy classification rules for intrusion detection in computer networks. The proposed method is based on the iterative rule learning approach (IRL) to fuzzy rule base system design. The fuzzy rule base is generated in an incremental fashion, in that the evolutionary algorithm optimizes one fuzzy classifier rule at a time. The performance of the final fuzzy classification system has been investigated using the intrusion detection problem as a high-dimensional classification problem. Results show...

    A content-based deep intrusion detection system

    Article International Journal of Information Security ; Volume 21, Issue 3 , 2022 , Pages 547-562 ; 16155262 (ISSN) Soltani, M ; Siavoshani, M. J ; Jahangir, A. H ; Sharif University of Technology
    Springer Science and Business Media Deutschland GmbH  2022
    Abstract
    The growing number of Internet users and the prevalence of web applications make it necessary to deal with very complex software and applications in the network. This results in an increasing number of new vulnerabilities in the systems, leading to an increase in cyber threats and, in particular, zero-day attacks. The cost of generating appropriate signatures for these attacks is a potential motive for using machine learning-based methodologies. Although there are many studies on using learning-based methods for attack detection, they generally use extracted features and overlook raw contents. This approach can lessen the performance of detection systems against content-based attacks...