An effective network-based Intrusion Detection using Conserved Self Pattern Recognition Algorithm augmented with near-deterministic detector generation

Abstract

The Human Immune System (HIS) employs multilevel defense against harmful and unseen pathogens through innate and adaptive immunity. Innate immunity protects the body from the known invaders whereas adaptive immunity develops a memory of past encounter and has the ability to learn about previously unknown pathogens. These salient features of the HIS are inspiring the researchers in the area of intrusion detection to develop automated and adaptive defensive tools. This paper presents a new variant of Conserved Self Pattern Recognition Algorithm (CSPRA) called CSPRA-ID (CSPRA for Intrusion Detection). The CSPRA-ID is given the capability of effectively identifying known intrusions by utilizing the knowledge of well-known attacks to build a conserved self pattern (APC detector) while it retains the ability to detect novel intrusions because of the nature of one-class classification of the T detectors. Furthermore, the T detectors in the CSPRA-ID are generated with a novel near-deterministic scheme that is proposed in this paper. The near-deterministic generation scheme places the detector with Brute Force method to guarantee the next detector to be very foreign to the existing detector. Moreover, the placement of the variable-sized detector is online determined during the Monte Carlo estimate of detector coverage and thus the detectors with an optimal distribution are generated without any additional optimization step. A comparative study between CSPRA-ID and one-class SVM shows that the CSPRA-ID is promising on DARPA network intrusion data in terms of detection accuracy and computation efficiency.