feature and each leaf is labeled with a category or class. A decision tree can
then be used to classify a data point by starting at the root of the tree and
moving through it until a leaf node is reached. The leaf node would then
provide the classification of the data point.
Fuzzy logic:
Fuzzy logic techniques have been in use in the area of computer
and network security since the late 1990s. [20] Fuzzy logic has been used for
intrusion detection for two primary reasons. [21] Firstly, several quantitative
parameters that are used in the context of intrusion detection, e.g., CPU
usage time and connection interval, can potentially be viewed as fuzzy
variables. Secondly, as stated by Bridges et al., [21] the concept of security is
fuzzy in itself. In other words, the concept of fuzziness helps to smooth out
the abrupt separation of normal behaviour from abnormal behaviour.
Without it, a given data point falling outside/inside a defined “normal interval”
is considered anomalous/normal to the same degree regardless of its
distance from/within the interval.
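The contrast described above, as an added example that is not from the original text: a crisp "normal interval" test next to a trapezoidal fuzzy membership for the two parameters the passage names. The breakpoints, the OR-rule and the sample values are constructed assumptions.

```python
"""Crisp interval vs. fuzzy membership for intrusion-detection parameters.
Breakpoints and sample values are constructed for illustration only."""

def crisp_anomalous(x, low, high):
    """Hard cut: 1.0 anywhere outside [low, high], 0.0 anywhere inside."""
    return 0.0 if low <= x <= high else 1.0

def fuzzy_normal(x, a, b, c, d):
    """Trapezoidal membership in 'normal' (requires a < b <= c < d):
    0 at or below a, rising on a..b, 1 on b..c, falling on c..d, 0 from d."""
    if x <= a or x >= d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x <= c:
        return 1.0
    return (d - x) / (d - c)

def fuzzy_anomalous(x, a, b, c, d):
    """Standard fuzzy complement: degree of 'anomalous' = 1 - 'normal'."""
    return 1.0 - fuzzy_normal(x, a, b, c, d)

# Assumed membership shapes, in seconds. The CPU left shoulder sits below
# zero so that any small CPU usage time counts as fully normal.
CPU_TIME = (-1.0, 0.0, 4.0, 8.0)
CONN_INTERVAL = (0.5, 2.0, 30.0, 60.0)

def anomaly_degree(cpu_seconds, interval_seconds):
    """Rule: anomalous if CPU time is anomalous OR the connection interval
    is anomalous. Fuzzy OR is taken as max, the usual Zadeh operator."""
    return max(fuzzy_anomalous(cpu_seconds, *CPU_TIME),
               fuzzy_anomalous(interval_seconds, *CONN_INTERVAL))

if __name__ == "__main__":
    # Constructed observations: (CPU usage time, connection interval).
    for cpu, gap in [(2.0, 10.0), (4.1, 10.0), (5.0, 1.25), (40.0, 10.0)]:
        print(f"cpu={cpu:5.1f}s gap={gap:5.2f}s "
              f"crisp={crisp_anomalous(cpu, 0.0, 4.0):.1f} "
              f"fuzzy={anomaly_degree(cpu, gap):.3f}")
```

The crisp test scores 4.1 s and 40 s of CPU time identically, while the fuzzy degree grows with distance from the normal range.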
Genetic algorithms:
A genetic algorithm is a search technique used to find approximate
solutions to optimization and search problems. Genetic algorithms have also been
extensively employed in the domain of intrusion detection to differentiate
normal network traffic from anomalous connections. The major advantage
of genetic algorithms is their flexibility and robustness as a global search
method. In addition, a genetic algorithm search converges to a solution
from multiple directions and is based on probabilistic rules instead of
deterministic ones. In the domain of network intrusion detection, genetic
algorithms have been used in a number of ways. Some approaches have
used genetic algorithms directly to derive classification rules, while others
use genetic algorithms to select appropriate features or determine optimal
parameters of related functions, with different data mining techniques
then used to acquire the rules. While the advantage of the genetic
approach was that it used numerous agents to monitor a variety of
network-based parameters, lack of intra-agent communication and a lengthy training
process were some issues that were not addressed.
Neural network:
Neural-network-based intrusion detection systems have
traditionally been host-based systems that focus on detecting deviations in
program behaviour as a sign of an anomaly. In the neural network approach
to intrusion detection, the neural network learns to predict the behaviour of
the various users and daemons in the system. The main advantage of neural