Evolving High-speed, Easy-to-understand Network Intrusion Detection Rules with Genetic Programming

Created by W.Langdon from gp-bibliography.bib Revision:1.4420

  author =       "Agustin Orfila and Juan M. Estevez-Tapiador and 
                 Arturo Ribagorda",
  title =        "Evolving High-speed, Easy-to-understand Network
                 Intrusion Detection Rules with Genetic Programming",
  booktitle =    "Applications of Evolutionary Computing,
                 EvoWorkshops2009: {EvoCOMNET}, {EvoENVIRONMENT},
                 {EvoFIN}, {EvoGAMES}, {EvoHOT}, {EvoIASP},
                 {EvoINTERACTION}, {EvoMUSART}, {EvoNUM}, {EvoPhD},
                 {EvoSTOC}, {EvoTRANSLOG}",
  year =         "2009",
  month =        "15-17 " # apr,
  editor =       "Mario Giacobini and Ivanoe {De Falco} and Marc Ebner",
  series =       "LNCS",
  volume =       "5484",
  publisher =    "Springer Verlag",
  address =      "Tubingen, Germany",
  pages =        "93--98",
  keywords =     "genetic algorithms, genetic programming, POSTER",
  isbn13 =       "978-3-642-01128-3",
  DOI =          "doi:10.1007/978-3-642-01129-0_11",
  abstract =     "An ever-present problem in intrusion detection
                 technology is how to construct the patterns of (good,
                 bad or anomalous) behaviour upon which an engine has
                 to make decisions regarding the nature of the activity
                 observed in a system. This has traditionally been one
                 of the central areas of research in the field, and most
                 of the solutions proposed so far have relied in one way
                 or another upon some form of data mining--with the
                 exception, of course, of human-constructed patterns. In
                 this paper, we explore the use of Genetic Programming
                 (GP) for such a purpose. Our approach is not new in
                 some aspects, as GP has already been partially explored
                 in the past. Here we show that GP can offer at least
                 two advantages over other classical mechanisms: it can
                 produce very lightweight detection rules (something of
                 extreme importance for high-speed networks or resource
                 constrained applications) and the simplicity of the
                 patterns generated allows one to easily understand the
                 semantics of the underlying attack.",
  notes =        "EvoWorkshops2009",

Genetic Programming entries for Agustin Orfila Diaz-Pabon Juan Manuel Estevez-Tapiador D Arturo Ribagorda Garnacho