Databases Reference
In-Depth Information
The normal usage patterns are constructed from the statistical measures of
the system features. The behavior of the user is observed and any deviation
from the constructed normal behavior is detected as an intrusion.
2
The main goal of the IDS is to find intrusions among normal audit
data and this can be considered as a classification problem. One of the
main problems with IDS is the overhead which can become positively
high. As network speed becomes faster, there is an emerging need for
security techniques that will be able to keep up with the increased
network throughput.
3,4
Several machine learning, soft computing and
computational intelligence techniques have been investigated for the design
of IDS, e.g., neural networks,
5
linear genetic programming,
6
support
vector machine (SVM), Bayesian networks, multivariate adaptive regression
splines (MARS),
7
fuzzy inference systems (FISs),
8
hybrid intelligent
systems (HISs),
9
etc. All these aforesaid efforts are primarily focussed
on high detection rates, which completely ignoring the computational
complexity aspect. In view of this the proposed method tried to make
an intelligent IDS which is lightweight, while guaranteeing high detection
rates. The present method tried to solve that by figuring out important
intrusion features through hybrid adaptive particle swarm optimization
(HAPSO). Feature selection is one of the important and frequently used
techniques in data preprocesing for IDS.
10
It reduces the number of features,
removes irrelevant, redundant or noisy features, and brings the immediate
effects for IDS. In this research the hybrid method HAPSO objective is two
folds: (i) learning of Bayesian coecients and (ii) selection of optimal set
of intrusion features. HAPSO is based on the idea of adaptive PSO
11
for
continuous search space exploration and binary PSO
12
for discrete search
space exploration.
In terms of feature selection, many researchers have proposed
identifying important intrusion features through wrapper, filter and hybrid
approaches. Wrapper method exploits a machine learning algorithm to
evaluate the goodness of features or feature set. In the present study we use
HAPSO learnable extended Bayesian classifier
13
to evaluate the optimality
of features or feature set.
The rest of the chapter is organized as follows. Section 5.2 provides the
related research. Preliminary materials are presented in Sec. 5.3. Section 5.4
comprises of HAPSO/Bayesian classifier for IDS. Experimental results and
analysis is presented in Secs. 5.5 and 5.6 concludes the chapter with a
possible feature research directions.
