Testing Ensembles for Intrusion Detection: On the Identification of Mutated Network Scans

González González, Silvia; Sedano Franco, Javier; Herrero Cosío, Álvaro; Baruque, Bruno; Corchado Rodríguez, Emilio Santiago

Título

Testing Ensembles for Intrusion Detection: On the Identification of Mutated Network Scans

Autor(es)

González González, Silvia

Sedano Franco, Javier

Herrero Cosío, Álvaro

Baruque, Bruno

Corchado Rodríguez, Emilio Santiago

Palabras clave

Computer Science

Fecha de publicación

2011

Editor

Springer Science + Business Media

Citación

Computational Intelligence in Security for Information Systems Lecture Notes in Computer Science. 4th International Conference, CISIS 2011, Held at IWANN 2011, Torremolinos-Málaga, Spain, June 8-10, 2011. Proceedings. Lecture Notes in Computer Science. Volumen 6694, pp. 109-117.

Resumen

In last decades there have been many proposals from the machine learning community in the intrusion detection field. One of the main problems that Intrusion Detection Systems (IDSs) - mainly anomaly-based ones - have to face are those attacks not previously seen (zero-day attacks). This paper proposes a mutation technique to test and evaluate the performance of several classifier ensembles incorporated to network-based IDSs when tackling the task of recognizing such attacks. The technique applies mutant operators that randomly modifies the features of the captured packets to generate situations that otherwise could not be provided to learning IDSs. As an example application for the proposed testing model, it has been specially applied to the identification of network scans and related mutations.

URI

https://hdl.handle.net/10366/134912

ISBN

978-3-642-21322-9 (Print) / 978-3-642-21323-6 (Online)

ISSN

0302-9743 (Print) / 1611-3349 (Online)

Aparece en las colecciones