Evolutionary methods for detecting network intrusions

Intrusion detection (ID) is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network. Internet services, and the number of Internet users increases every day this makes networks as a window for malicious users to do their damage becomes very great and lucrative. The objective of this paper is to incorporate different methods to detect and classify intrusion from normal network packet. Among several evolutionary techniques, Steady State Genetic-based Machine Leaning Algorithm (SSGBML) will be used to detect intrusions with Zeroth Level Classifier system (ZCS) are investigated here. Steady State Genetic Algorithm (SSGA) is used as a discovery mechanism instead of Simple Genetic Algorithm ( SGA). SGA replaces all old rules with new produced rule preventing old good rules from participating in the next rule generation. In contrast, SSGA gives a chance for previous rules to participate in new generations. ZCS is used to play the role of detector by matching incoming environment message with classifiers to determine whether the current message is normal or intrusion and receiving feedback from environment. The experiments and evaluations of the proposed method were performed with the KDD 99 intrusion detection dataset.