Network intrusion detection by artificial immune system

With computer network’s fast penetration into our life, various types of malicious attacks and service abuses increase dramatically. Network security has become one of the big challenges in the modern networks. Intrusion Detection (ID) is one of the active branches in network security research field. Many technologies, such as neural networks, fuzzy logic and genetic algorithms have been applied in intrusion detection and the results are varied. In this thesis, an Artificial Immune System (AIS) based intrusion detection is explored. AIS is a bio-inspired computing paradigm that has been applied in many different areas including intrusion detection. The main objective of our research is to improve the AIS based Intrusion Detection System’s (IDS) performance on detection while keeping its system computing complexity to a low level.<br><br>An IDS requires specified monitoring parameter set. In a computer network, there are many parameters can be collected or monitored. The quantity of parameters could be real big. These parameters can be used for the intrusion detection purpose. However, the significance of these parameters in intrusion detection can be very different. If all parameters were used, the computing complexity of IDS would be high. Therefore the selection of a group of significant parameters is necessary. This process is called feature selection. Two feature selection algorithms, i.e. Rough set algorithm (RSA) and linear genetic programming (LPG) are selected and compared in this thesis. An improved AIS based IDS with these two feature selection algorithms are studied.<br><br>A basic feature selection algorithm only picks the features to be used, assuming they have equal contribution towards the system performance and that is not the case in reality. Therefore weighing the parameters’ contribution in the IDS is expected to further improve the performance. However, assigning weights to the selected features is not an easy work. In this thesis, a weight distribution scheme among selected features is proposed. With a simplified exhausted approach, an optimal weight allocation is obtained. The results show that the improved AIS based IDS with weighted feature selection can achieve 99.98 % of true positive rate while keeping the true negative rate at 99.94%. These results are obtained from the experiment on the popular testing dataset: KDD Cup 99. The results indicate the proposed scheme outperforms most of the existing IDS on the same testing data set.