A Genetic Algorithm (GA) approach with an improved initial population and selection operator, to efficiently detect various types of network intrusions. GA is used to optimize the search for attack scenarios in audit files, thanks to its good balance of exploration and exploitation; it provides the subset of potential attacks that are present in the audit file in a reasonable processing time. In the testing phase, the Network Security Lab - Knowledge Discovery and Data Mining (NSL-KDD99) benchmark data set was used to detect misuse activities. Combining the IDS with the genetic algorithm improves the detection rate of the network intrusion detection model and reduces the false positive rate.
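The following is an added example, not code from the original paper: a minimal GA of the kind described above, evolving one detection rule over a handful of constructed NSL-KDD-style connection records (hypothetical values, not real data set rows). The initial population is seeded from observed attack records rather than drawn uniformly, tournament selection picks parents, and fitness is detection rate minus false positive rate; the rule shape (max_src_bytes, min_count) is an assumption chosen for illustration.

```python
import random
# Constructed NSL-KDD-style records (hypothetical sample values, not data set rows):
# (duration, src_bytes, count, label); count = connections to the same host in 2 s.
RECORDS = [
    (0, 181, 8, "normal"), (2, 239, 12, "normal"), (0, 235, 5, "normal"),
    (1, 1500, 15, "normal"), (0, 300, 18, "normal"), (5, 2000, 3, "normal"),
    (0, 0, 120, "attack"), (0, 0, 250, "attack"), (0, 0, 511, "attack"),
    (0, 0, 300, "attack"), (0, 8, 200, "attack"), (0, 0, 150, "attack"),
]
ATTACKS = [r for r in RECORDS if r[3] == "attack"]
NORMALS = [r for r in RECORDS if r[3] == "normal"]
def matches(rule, rec):
    """Chromosome = rule (max_src_bytes, min_count): flag low-volume, high-count connections."""
    return rec[1] <= rule[0] and rec[2] >= rule[1]

def rates(rule):
    """(detection rate, false-positive rate) of one rule over the audit records."""
    dr = sum(matches(rule, r) for r in ATTACKS) / len(ATTACKS)
    fpr = sum(matches(rule, r) for r in NORMALS) / len(NORMALS)
    return dr, fpr

def fitness(rule):
    dr, fpr = rates(rule)          # reward detections, penalise false positives
    return dr - fpr

def seeded_population(size, rng):
    """Improved initialisation: thresholds derived from observed attack records."""
    pop = []
    for _ in range(size):
        a = rng.choice(ATTACKS)
        pop.append((a[1] + rng.randint(0, 50), max(1, a[2] - rng.randint(0, 200))))
    return pop

def tournament(pop, rng, k=3):
    """Selection operator: the fittest of k randomly drawn rules becomes a parent."""
    return max(rng.sample(pop, k), key=fitness)

def evolve(generations=30, size=20, seed=1):
    rng = random.Random(seed)
    pop = seeded_population(size, rng)
    for _ in range(generations):
        nxt = [max(pop, key=fitness)]      # elitism: the best rule always survives
        while len(nxt) < size:
            p1, p2 = tournament(pop, rng), tournament(pop, rng)
            child = (p1[0], p2[1])         # crossover: one gene from each parent
            if rng.random() < 0.2:         # mutation: nudge both thresholds
                child = (child[0] + rng.randint(-20, 20), max(1, child[1] + rng.randint(-20, 20)))
            nxt.append(child)
        pop = nxt
    return max(pop, key=fitness)
```

On this toy audit file the evolved rule separates the attack records from the normal ones; on real NSL-KDD data the chromosome would carry thresholds on many more features and the fitness would be computed over the full record set.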
Intrusion Detection is a process used to detect suspicious activity at both the network and host levels. The two major ID techniques are anomaly detection and misuse detection. In an anomaly-based detection system, audit data is used to differentiate between abnormal and normal behaviour. On the other hand, the misuse detection system, also called a signature-based IDS, matches audit data against well-known attack patterns and identifies the matches as intrusions. The operation of misuse detection models is in a sense very similar to that of antivirus applications. A misuse IDS can analyze the network or system and compare its activities with the signatures of known computer and network intrusive behaviors. To recognize traffic as an attack, the IDS must first be taught to recognize normal activity.
Several ways are available to accomplish this, such as the use of artificial intelligence techniques. The audit data used to create and test rules or define patterns can be collected from various sources, such as network traffic data, host system logs, and process system calls. An IDS requires a sensor: the system on which the IDS is installed and running. A network sensor monitors network packets, such as TCP/IP headers, the duration of a connection and the number of bytes transferred, while a host sensor monitors system logs, memory usage on the host, and so on.