Applying Genetic Algorithms in the Identification of Novel Behavior Patterns in Network Data Streams

• Main Author: Johnson, Todd A.
• Published: NSUWorks 2005
• Subjects: Computer Sciences
• Online Access: http://nsuworks.nova.edu/gscis_etd/613

The National Strategy to Secure Cyberspace encourages individuals and organizations to identify vulnerabilities before a security breech occurs (PCIPB, 2003). Cabrera et al identify the detection of novel attacks as one of the most elusive and significant problems in intrusion detection (Cabrera, 2000). This sentiment is reiterated by other computer security researchers: (Endler, 1998), (Erbacher, 2002), (Ghosh, 1998) and (Lunt, 2000). A method to detect novel attacks has not been achieved because it implies the hopeless prerequisite of predicting the future. However, there has not been any research that attempts to automate the production of novel attacks. By automating the construction of novel attacks, the intrusion detection system (IDS) may be preemptively enhanced to recognize new attacks. The only difficulty is generating novel attacks. Motivated by the elusive and significant IDS vulnerability to unfamiliar attacks, the goal of this research was to create an evolutionary algorithm (EA) capable of creating original attacks. The EA, known as the Automated Vulnerability Detector (AVO), was designed to be capable of generating both known attacks and previously unknown attacks. It was believed that if these attacks could be discovered before they are used against the IDS, then the IDS could be upgraded proactively, rather than retroactively. The results demonstrate that the A VD can evolve new denial of service attacks.