Abstract—Anomaly-based intrusion detection systems (IDSs) suffer from relatively numerous false negatives and false positives, which affect their detection rate. In this study, we aim to obtain a linear classification function using a Memetic algorithm, both to minimize the errors of such IDSs and to improve these systems. This paper proposes a combined system that uses both correlation analysis among features and information theory to find the optimum feature subset for detecting intrusions in each of the four attack classes of Knowledge Discovery in Database 99 (KDD99). A suitable classification function is then determined for each attack class through a Memetic algorithm. Bayesian networks are employed to combine the results of these functions in order to reach the final classification. The KDD99 dataset and its refined version, NSL-KDD, were used to evaluate the proposed system; our findings showed a detection rate of 93.42. Likewise, the NSL-KDD evaluation shows that, for the R2L attack class, the proposed system succeeded in classifying 86.60% of the records that had not been classified correctly by previous algorithms.
Index Terms—Anomaly-based intrusion detection; KDD99; correlation analysis; NSL-KDD; Memetic algorithm; Bayesian networks; classification function.
The authors are with the Department of Computer, Malek-Ashtar University of Technology, Tehran, I. R. Iran (e-mail: shirazi@mut.ac.ir; amin.namadchyan@gmail.com; alireza_khalili2001@yahoo.com).
Cite: H. M. Shirazi, A. Namadchian, and A. Khalili Tehrani, "A Combined Anomaly Base Intrusion Detection Using Memetic Algorithm and Bayesian Networks," International Journal of Machine Learning and Computing, vol. 2, no. 5, pp. 706-710, 2012.