Testing Ensembles for Intrusion Detection: On the
Identification of Mutated Network Scans
Silvia González 1, Javier Sedano 1, Álvaro Herrero 2, Bruno Baruque 2,
and Emilio Corchado 3
1 Instituto Tecnológico de Castilla y León
C/ López Bravo 70, Pol. Ind. Villalonquejar, 09001 Burgos, Spain
javier.sedano@itcl.es
2 Department of Civil Engineering, University of Burgos, Spain
C/ Francisco de Vitoria s/n, 09006 Burgos, Spain
{ahcosio,bbaruque}@ubu.es
3 Departamento de Informática y Automática, Universidad de Salamanca
Plaza de la Merced, s/n, 37008 Salamanca, Spain
escorchado@usal.es
Abstract. In recent decades there have been many proposals from the machine
learning community in the intrusion detection field. One of the main problems
that Intrusion Detection Systems (IDSs), mainly anomaly-based ones, have to
face is attacks not previously seen (zero-day attacks). This paper proposes a
mutation technique to test and evaluate the performance of several classifier
ensembles incorporated into network-based IDSs when tackling the task of
recognizing such attacks. The technique applies mutant operators that randomly
modify the features of the captured packets to generate situations that
otherwise could not be provided to learning IDSs. As an example application of
the proposed testing model, it has been applied to the identification of
network scans and their mutations.
Keywords: Network Intrusion Detection, Computational Intelligence, Machine
Learning, IDS Performance, Classifiers.
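The mutation idea sketched in the abstract, as an added illustration that is not the paper's own code: a captured scan is represented as a list of per-packet feature vectors, a set of mutant operators randomly perturbs individual features (timing, source port, protocol, frame size), and the resulting variants are handed to a detector that was tuned on the original capture. The feature set, the four operators and the toy rate-based detector are all assumptions made for this example; the paper does not specify which features or operators it uses.

```python
"""Added illustration of feature-level packet mutation for IDS testing.

Not the paper's code. The packet feature set, the four mutant operators and the
toy rate-based detector are assumptions chosen to show the idea: randomly
perturb the features of a captured scan so that a detector built on the
original capture meets variants it has never seen.
"""
import random
from dataclasses import dataclass, replace
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Packet:
    time: float     # seconds since start of capture
    src_port: int
    dst_port: int
    protocol: int   # 6 = TCP, 17 = UDP
    size: int       # frame length in bytes


def make_port_sweep(n: int = 10) -> List[Packet]:
    """Constructed sample capture: a fast TCP sweep of ports 20..20+n-1,
    one 60-byte probe every 10 ms from a fixed source port."""
    return [Packet(time=i * 0.01, src_port=40000, dst_port=20 + i, protocol=6, size=60)
            for i in range(n)]


# A mutant operator maps one packet to a modified copy using the supplied RNG.
MutantOperator = Callable[[Packet, random.Random], Packet]


def mutate_timing(p: Packet, rng: random.Random) -> Packet:
    """Slow the scan down 100x and add up to 1 s of jitter per packet."""
    return replace(p, time=p.time * 100 + rng.uniform(0.0, 1.0))


def mutate_src_port(p: Packet, rng: random.Random) -> Packet:
    """Use a fresh ephemeral source port instead of a fixed one."""
    return replace(p, src_port=rng.randint(1024, 65535))


def mutate_protocol(p: Packet, rng: random.Random) -> Packet:
    """Switch individual probes between TCP and UDP."""
    return replace(p, protocol=rng.choice([6, 17]))


def mutate_size(p: Packet, rng: random.Random) -> Packet:
    """Pad the probe to an arbitrary legal frame size."""
    return replace(p, size=rng.randint(40, 1500))


OPERATORS: Dict[str, MutantOperator] = {
    "timing": mutate_timing,
    "src_port": mutate_src_port,
    "protocol": mutate_protocol,
    "size": mutate_size,
}


def mutate_scan(packets: Iterable[Packet], operators: Iterable[str],
                seed: int, rate: float = 1.0) -> List[Packet]:
    """Apply the named operators to every packet, each with probability `rate`.
    A fixed seed makes a mutant reproducible for regression testing."""
    rng = random.Random(seed)
    names = list(operators)
    out = []
    for p in packets:
        for name in names:
            if rng.random() < rate:
                p = OPERATORS[name](p, rng)
        out.append(p)
    return out


def generate_mutants(packets: List[Packet], count: int, seed: int) -> List[List[Packet]]:
    """Produce `count` mutated copies, each with a random non-empty operator subset."""
    rng = random.Random(seed)
    mutants = []
    for _ in range(count):
        chosen = rng.sample(sorted(OPERATORS), rng.randint(1, len(OPERATORS)))
        mutants.append(mutate_scan(packets, chosen, seed=rng.getrandbits(32)))
    return mutants


def rate_detector(packets: Iterable[Packet], window: float = 1.0, threshold: int = 5) -> bool:
    """Toy stand-in for a learned detector: flag a scan when at least `threshold`
    distinct destination ports are contacted within any `window` seconds."""
    pkts = sorted(packets, key=lambda p: p.time)
    start = 0
    for end in range(len(pkts)):
        while pkts[end].time - pkts[start].time > window:
            start += 1
        if len({p.dst_port for p in pkts[start:end + 1]}) >= threshold:
            return True
    return False


if __name__ == "__main__":
    base = make_port_sweep()
    print("original sweep detected: ", rate_detector(base))
    print("slow mutant detected:    ", rate_detector(mutate_scan(base, ["timing"], seed=1)))
    print("src-port mutant detected:", rate_detector(mutate_scan(base, ["src_port"], seed=1)))
```

The timing operator alone is enough to push the sweep outside the detector's one-second window, while the source-port operator leaves the detector's view unchanged; that asymmetry is exactly what a mutation-based test set exposes about a given detector, and the seeded RNG lets a failing mutant be reproduced and added to the training or regression corpus.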
1 Introduction
One of the most harmful aspects of attacks and intrusions, which increases the
difficulty of protecting computer systems, is the ever-changing nature of attack
technologies and strategies.
For that reason, among others, IDSs [1], [2], [3] have become an essential asset
in the computer security infrastructure of most organizations. In the context of
computer networks, an IDS can roughly be defined as a tool designed to detect
suspicious patterns that may be related to a network or system attack. Intrusion
Detection (ID) is therefore a field that focuses on the identification of attempted
or ongoing attacks on a computer system (Host IDS - HIDS) or network (Network IDS - NIDS).
ID has been approached from several different points of view up to now; many
different Computational Intelligence techniques - such as Genetic Programming [4],