Increasing Detection Rate of User-to-Root Attacks Using Genetic Algorithms
- Resource Type
- Conference
- Authors
- Bankovic, Zorana; Bojanic, Slobodan; Nieto-Taladriz, Octavio; Badii, Atta
- Source
- The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007) Emerging Security Information, Systems, and Technologies, 2007. SecureWare 2007. The International Conference on. :48-53 Oct, 2007
- Subject
- Computing and Processing
Genetic algorithms
Intrusion detection
Machine learning algorithms
Protection
System testing
Pattern recognition
Filters
Benchmark testing
Information security
Machine learning
- Language
- ISSN
- 2162-2108
2162-2116
An extensive set of machine learning and pattern classification techniques trained and tested on KDD dataset failed in detecting most of the user-to-root attacks. This paper aims to provide an approach for mitigating negative aspects of the mentioned dataset, which led to low detection rates. Genetic algorithm is employed to implement rules for detecting various types of attacks. Rules are formed of the features of the dataset identified as the most important ones for each attack type. In this way we introduce high level of generality and thus achieve high detection rates, but also gain high reduction of the system training time. Thenceforth we re-check the decision of the user-to-root rules with the rules that detect other types of attacks. In this way we decrease the false-positive rate. The model was verified on KDD99, demonstrating higher detection rates than those reported by the state-of-the-art while maintaining low false-positive rate.