Publication: Evolving high-speed, easy-to-understand network intrusion detection rules with genetic programming
| dc.affiliation.dpto | UC3M. Departamento de Informática | es |
| dc.affiliation.grupoinv | UC3M. Grupo de Investigación: COSEC (Computer SECurity Lab) | es |
| dc.contributor.author | Orfila Díaz-Pabon, Agustín | |
| dc.contributor.author | Estévez Tapiador, Juan Manuel | |
| dc.contributor.author | Ribagorda Garnacho, Arturo | |
| dc.date.accessioned | 2010-11-02T11:01:49Z | |
| dc.date.available | 2010-11-02T11:01:49Z | |
| dc.date.issued | 2009-04 | |
| dc.description | Proceeding of: EvoWorkshops 2009: EvoCOMNET, EvoENVIRONMENT, EvoFIN, EvoGAMES, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, EvoNUM, EvoSTOC, EvoTRANSLOG, Tübingen, Germany, April 15-17, 2009 | |
| dc.description.abstract | An ever-present problem in intrusion detection technology is how to construct the patterns of (good, bad or anomalous) behaviour upon which an engine have to make decisions regarding the nature of the activity observed in a system. This has traditionally been one of the central areas of research in the field, and most of the solutions proposed so far have relied in one way or another upon some form of data mining–with the exception, of course, of human-constructed patterns. In this paper, we explore the use of Genetic Programming (GP) for such a purpose. Our approach is not new in some aspects, as GP has already been partially explored in the past. Here we show that GP can offer at least two advantages over other classical mechanisms: it can produce very lightweight detection rules (something of extreme importance for high-speed networks or resource-constrained applications) and the simplicity of the patterns generated allows to easily understand the semantics of the underlying attack. | |
| dc.description.status | Publicado | |
| dc.format.mimetype | application/pdf | |
| dc.identifier.bibliographicCitation | Applications of Evolutionary Computing. Lecture Notes in Computer Science Springer, vol. 5484, 2009, pp. 93-98 | |
| dc.identifier.doi | 10.1007/978-3-642-01129-0_11 | |
| dc.identifier.isbn | 3-642-01128-4 | |
| dc.identifier.isbn | 978-3-642-01128-3 | |
| dc.identifier.issn | 0302-9743 | |
| dc.identifier.publicationfirstpage | 93 | |
| dc.identifier.publicationlastpage | 98 | |
| dc.identifier.publicationvolume | 5484 | |
| dc.identifier.uri | https://hdl.handle.net/10016/9552 | |
| dc.language.iso | eng | |
| dc.publisher | Springer | |
| dc.relation.eventdate | April 15-17, 2009 | |
| dc.relation.eventplace | Tübingen (Germany) | |
| dc.relation.eventtitle | EvoWorkshops 2009: EvoCOMNET, EvoENVIRONMENT, EvoFIN, EvoGAMES, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, EvoNUM, EvoSTOC, EvoTRANSLOG | |
| dc.relation.ispartofseries | Lecture notes in computer science | |
| dc.relation.ispartofseries | 5484/2009 | |
| dc.relation.publisherversion | http://dx.doi.org/10.1007/978-3-642-01129-0_11 | |
| dc.rights | © Springer-Verlag | |
| dc.rights.accessRights | open access | |
| dc.subject.eciencia | Informática | |
| dc.subject.other | GP | |
| dc.subject.other | Genetic programming | |
| dc.subject.other | IDS | |
| dc.subject.other | Network intrusion detection | |
| dc.title | Evolving high-speed, easy-to-understand network intrusion detection rules with genetic programming | |
| dc.type | conference paper | * |
| dc.type.review | PeerReviewed | |
| dspace.entity.type | Publication |
Files
Original bundle
1 - 1 of 1