Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling

Abstract

Intrusion detection systems have been playing an important role in defeating treats in the Cyberspace. In this context, researchers have been proposing anomaly‐based methods for intrusion detection, on which the “normal” behavior is defined and the deviations (anomalies) are pointed out as intrusions. In this case, profiling is a relevant procedure used to establish a baseline for the normal behavior. In this work, an adaptive approach based on genetic algorithm is used to select features for profiling and parameters for anomaly‐based intrusion detection methods. Additionally, two anomaly‐based methods are introduced to be coupled with the proposed approach. One is based on basic statistics and the other is based on a projected clustering procedure. In the presented experiments performed on the CICIDS2017 dataset, our methods achieved results as good as detection rate equals to 92.85% and false positive rate of 0.69%. The presented approach iteratively adapts to new attacks and to the environmental requirements, such as security staff's preferences and available computational resources.