
Summary of the doctoral thesis of Mathematics: Improving some artificial immune algorithms for network intrusion detection

Pages: 26      File type: pdf      Size: 356.51 KB      Views: 8      Downloads: 0

Document information:

It is impossible to find an optimal algorithm that can reduce time and memory complexities with best detection performance. These aspects are always in conflict with each other. Thus, in each chapter, we will propose algorithms to solve each problem quite independently.
Content extracted from the document:
MINISTRY OF EDUCATION AND TRAINING
VIETNAM ACADEMY OF SCIENCE AND TECHNOLOGY
GRADUATE UNIVERSITY OF SCIENCE AND TECHNOLOGY

NGUYEN VAN TRUONG

IMPROVING SOME ARTIFICIAL IMMUNE ALGORITHMS FOR NETWORK INTRUSION DETECTION

Major: Mathematical foundations for Informatics
Code: 62 46 01 10

SUMMARY OF THE DOCTORAL THESIS OF MATHEMATICS

Hanoi – 2019

The thesis was completed at: Graduate University of Science and Technology - Vietnam Academy of Science and Technology.

Supervisors:
1. Assoc. Prof., Dr. Nguyen Xuan Hoai
2. Assoc. Prof., Dr. Luong Chi Mai

Review 1:
Review 2:
Review 3:

The thesis will be defended, meeting at: Graduate University of Science and Technology - Vietnam Academy of Science and Technology.
At:

The thesis can be found at the library:
- National Library of Vietnam
- Library of Graduate University of Science and Technology

INTRODUCTION

Motivation

Internet users and computer networks are suffering from a rapid increase in the number of attacks. In order to keep them safe, there is a need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). However, intrusion detection has to face a number of different problems, such as huge network traffic volumes, highly imbalanced data distribution, the difficulty of establishing decision boundaries between normal and abnormal behavior, and a requirement for continuous adaptation to a constantly changing environment. As a result, many researchers have attempted to use different types of approaches to build reliable intrusion detection systems.

One of the promising computational intelligence methods for intrusion detection that have emerged recently is artificial immune systems (AIS), inspired by the biological immune system. The negative selection algorithm (NSA) of AIS is widely used for intrusion detection systems (IDS).

Despite its successful application, NSA has some weaknesses:
1. High false positive rate and/or false negative rate.
2. High training and/or testing time.
3. Exponential relationship between the size of the training data and the number of detectors possibly generated for testing.
4. Changeable definitions of "normal data" and "abnormal data" in a dynamic network environment.

To overcome these limitations, recent works tend to concentrate on complex structures of immune detectors, matching methods and hybrid NSAs.

Objectives

Since data representation is one of the factors that affect the training and testing time, a compact and complete detector generation algorithm is investigated.

The thesis investigates optimal algorithms to generate the detector set in AIS. They help to reduce both the training time and the detecting time of AIS-based IDSs.

It also aims to propose and investigate an AIS-based IDS that can promptly detect attacks, whether they are known or never seen before. The proposed system makes use of AIS with statistics as analysis methods and flow-based network traffic as the data source.

Problem statements

Since the NSA has four main limitations, as listed in the first section, this thesis concentrates on three problems:
1. The first problem is to find compact representations of data. The objective of this problem's solution is not only to minimize memory storage but also to reduce testing time.
2. The second problem is to propose algorithms that can reduce training time and testing time in comparison with all existing related algorithms.
3. The third problem is to improve detection performance with respect to reducing false alarm rates while keeping the detection rate and accuracy rate as high as possible.

It is impossible to find an optimal algorithm that can reduce time and memory complexities with the best detection performance. These aspects are always in conflict with each other. Thus, in each chapter, we will propose algorithms to solve each problem quite independently.

The intrusion detection problem mentioned in this thesis can be informally stated as: Given a finite set S of network flows that are labeled with self (normal) or nonself (abnormal), the objective is to build classifying models on S that can label an unlabeled network flow s.

Outline of thesis

Chapter 1 introduces the background knowledge necessary to discuss the algorithms proposed in the following chapters.

In Chapter 2, a combination of selection algorithms is presented. The technique reduces the storage of detectors generated in the training phase. Testing time, an important measurement in IDS, will also be reduced as a direct consequence of a smaller memory complexity. Tree structure is use ...
