Intrusion detection system with GA
Intrusion Detection System B95901153 薛仲翔 B96901038 郭建言
Outline
‧ The Development of IDS
‧ The Architecture and Strategies of IDS
‧ IDS with GA
‧ The Implementation of IDS with Some Other Popular Methods
Security Audit
Generate, record, review, and then sort system events for security purposes:
‧ System monitoring
‧ Avoiding misuse
‧ Event reconstruction
‧ Accountability
‧ Damage assessment and recovery

The Development of IDS
‧ In the 1950s, a document of requirements for Electronic Data Processing (EDP) audit was defined.
‧ In the 1970s, audit processing was subsumed into the "Trusted Computer System Evaluation Criteria".

The Development of IDS (cont.)
‧ Audit reduction
‧ Distinguish risks and threats.
‧ Statistical analysis
‧ Masquerade attack
‧ Intrusion detection systems after the 1980s: Discovery, Haystack, MIDAS, NADIR, NSM, etc.
‧ Commercial products
Architecture
‧ Functional devices: information source, analysis engine, response component
‧ Separated audit and audited system: an intruder may shut down the IDS; audit records may be altered or deleted; reduce the load on the IDS.

Strategies
Information source, or event generator:
‧ Host-based
‧ Network-based
‧ Application-based
‧ Target-based

Strategies (cont.)
‧ Analysis: misuse, anomaly
‧ Response: accountability, log, alarm the administrator, adjust the IDS or the intruded system, notify routers and/or firewalls
Genetic Algorithm (GA)
[Figure: simple GA flow (Prof. TianLi Yu): Initialization, Evaluation, Selection, Crossover, Mutation, Replacement, repeated until termination; bit-string individuals labelled "Higher fitness" and "Lower fitness"]
GA is a kind of global mountain climbing algorithm.
Why Genetic Algorithm (GA)?
‧ Misuse detection is not handled well (because it needs continuous updating).
‧ A system based on GA can be easily re-trained.
‧ The space of potential solutions is truly huge.
‧ The parallelism of GAs allows them to implicitly evaluate many schemas at once.

System Implementation (developed by Banković et al.)
Rule-based IDS: if-then rules are trained to recognize normal connections.
‧ Multi Expression Programming (MEP) is applied to construct the rules.
‧ Very low false-positive rate
Linear classifier: classifies connections into normal ones and potential attacks.
‧ Low false-negative rate
‧ High false-positive rate -> its decision has to be re-checked.

System Implementation
Linear classifier: Population = 1000; Generation = 300
The features used to describe the attack:
gene[1]*duration + gene[2]*src_bytes + gene[3]*dst_host_srv_serror_rate < gene[4]
Fitness function: # squared percentage achieves better performance

System Implementation
Rule-based IDS: fitness function: F-measure
If-then rules are trained to recognize normal connections.
‧ Multi Expression Programming (MEP) is applied to construct the rules.
‧ Very low false-positive rate
[Figure: a rule, with fields Service, Hot, Logged, Threshold]
Sample rule used to identify normal connections:
If (service == "http" and hot == "0" and logged_in == "0") Then normal
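Added example (not from the slides or from Banković et al.): a scaled-down GA that evolves gene[1..4] of the linear classifier on ten constructed KDD-style records, then re-checks its alarms with the sample http rule. The fitness (squared fraction of correctly classified records), the feature scaling, the reading of the inequality as "potential attack", the integer encoding of hot/logged_in and all function names are assumptions.

```python
import random

# Constructed KDD-style records (illustrative, not taken from KDD_10_percent):
# (duration, src_bytes, dst_host_srv_serror_rate, service, hot, logged_in, is_attack)
RECORDS = [
    (0,   215, 0.00, "http",    0, 1, False),
    (2,   330, 0.00, "http",    0, 0, False),
    (12, 1500, 0.02, "smtp",    0, 1, False),
    (1,   180, 0.05, "http",    0, 0, False),
    (30,  900, 0.00, "ftp",     1, 1, False),
    (0,     0, 1.00, "private", 0, 0, True),
    (0,     0, 0.98, "private", 0, 0, True),
    (0,    10, 0.90, "telnet",  3, 0, True),
    (0,     0, 0.95, "private", 0, 0, True),
    (0,     0, 1.00, "private", 0, 0, True),
]

def linear_flags_attack(genes, rec):
    """Slide's linear classifier; assumption: inequality true => potential attack."""
    duration, src_bytes, serror = rec[0] / 60.0, rec[1] / 2000.0, rec[2]  # assumed scaling
    return genes[0] * duration + genes[1] * src_bytes + genes[2] * serror < genes[3]

def rule_says_normal(rec):
    """Sample rule from the slides: http, hot == 0, logged_in == 0 => normal."""
    return rec[3] == "http" and rec[4] == 0 and rec[5] == 0

def detect(genes, rec):
    """Two-stage decision: an alarm from the linear classifier is re-checked by the rule."""
    if linear_flags_attack(genes, rec) and not rule_says_normal(rec):
        return "attack"
    return "normal"

def fitness(genes):
    """Assumed fitness: squared fraction of records the linear classifier gets right."""
    correct = sum(linear_flags_attack(genes, r) == r[6] for r in RECORDS)
    return (correct / len(RECORDS)) ** 2

def evolve(pop_size=60, generations=40, seed=1):
    """Simple GA: tournament selection, one-point crossover, Gaussian mutation, elitism.
    Returns the best gene vector and the best fitness seen in each generation."""
    rng = random.Random(seed)
    pop = [[rng.uniform(-1, 1) for _ in range(4)] for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        history.append(fitness(pop[0]))
        nxt = [pop[0][:]]                      # elitism: the best individual survives unchanged
        while len(nxt) < pop_size:
            a = max(rng.sample(pop, 3), key=fitness)
            b = max(rng.sample(pop, 3), key=fitness)
            cut = rng.randint(1, 3)            # one-point crossover
            child = a[:cut] + b[cut:]
            child = [g + rng.gauss(0, 0.1) if rng.random() < 0.2 else g for g in child]
            nxt.append(child)
        pop = nxt
    best = max(pop, key=fitness)
    history.append(fitness(best))
    return best, history

if __name__ == "__main__":
    best, history = evolve()
    print("best genes:", [round(g, 3) for g in best], "fitness:", history[-1])
    for rec in RECORDS:
        print(rec[3], rec[2], "->", detect(best, rec), "(attack)" if rec[6] else "(normal)")
```

The slides train with Population = 1000 and Generation = 300; the smaller defaults here only keep the run short.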
Results
The experimental results of the whole system:
‧ Trained on 250000 of the 491021 records from "KDD_10_percent"
‧ Retrained on the remaining data from KDD_10_percent

Discussion
‧ Advantage: the training process and the process of detecting intrusions run faster while maintaining a high detection rate, because only six features are defined for training.
‧ Drawback: the distribution of attacks and normal connections in the dataset is not very realistic [7], i.e. only 20% of the training data set consists of normal connections, while in the real world the situation is quite the opposite, as the percentage of normal packets highly exceeds the percentage of intrusive ones.
The Implementation of IDS with Some Popular Methods
Reference
‧ GASSATA, A Genetic Algorithm as an Alternative Tool for Security Audit Trails Analysis, Ludovic Me, 2000
‧ A Genetic Algorithm-based Solution for Intrusion Detection, Zorana Banković et al., 2009
‧ 駭客入侵偵測專業手冊 (Hacker Intrusion Detection Professional Handbook), Rebecca Gurley Bace, translated and edited by 賴冠州, 旗標出版社 (Flag Publishing), 2001
