Remote-to-Local attacks detection using incremental genetic algorithm

Intrusion detection is one of the most challenging problems in network security. Detection of attacks on a particular network is not an easy task. Since recently, several machine learning, pattern classification and evolutionary techniques have been used on KDD99Cup dataset for detecting different kinds of intrusions that exist in the dataset. In this paper, we present a genetic algorithm (GA)-based technique for detecting Remote-to-Local (R-to-L) attacks in the network. The problems in other techniques with accuracy, false positive rates and speed have been resolved by using incremental GA in our proposed mechanism. We extract features from the dataset and build rules upon them to identify the attacks. The speed of training and testing is reduced by using less number of features in the incremental GA. The results of the R-to-L Intrusion Detection System (IDS) are rechecked for confirmation by using two more detection systems. The latter detection systems make sure that a particular record identified by the first IDS is really an R-to-L attack. The overall system´s false positive rates are decreased and detection rates are increased. The model is verified on the dataset taken from KDD99Cup which is a standard dataset used for intrusion detection.