This document summarizes a seminar presentation on using genetic algorithms for network intrusion detection. It introduces network intrusion detection systems and genetic algorithms. It discusses problems addressed like security threats, challenges like new attack types, and the scope of applying genetic algorithms to intrusion detection. It reviews related literature and detection techniques. It outlines the proposed system architecture, which would generate a random rule population, evaluate it using a fitness function, and use genetic operators like selection, crossover and mutation to optimize the rule set over generations.

1. PROJECT SEMINARPROJECT SEMINAR
OnOn
““Network Intrusion DetectionNetwork Intrusion Detection
using Genetic Algorithmusing Genetic Algorithm””
Presented byPresented by
Under the Guidance ofUnder the Guidance of CoordinatorsCoordinators
Chakrapani D.SChakrapani D.S [ B.E, M.tech ][ B.E, M.tech ]
Lecturer, Dept of CSELecturer, Dept of CSE
ChetanChetan K. RK. R [ B.E, M.Tech ][ B.E, M.Tech ]
Sr. Lecturer , Dept of CSESr. Lecturer , Dept of CSE
Poornima K.MPoornima K.M [ B.E, M.Tech ][ B.E, M.Tech ]
Asst. Professor, Dept of CSEAsst. Professor, Dept of CSE
Jawaharlal Nehru National College of Engineering,Jawaharlal Nehru National College of Engineering,
ShimogaShimoga
HITESH KUMAR. P 4JN07CS027HITESH KUMAR. P 4JN07CS027
SAGAR. USAGAR. U 4JN07CS0704JN07CS070
SANDEEP TANTRY. K 4JN07CS072SANDEEP TANTRY. K 4JN07CS072
SHARATH KUMAR. K 4JN07CS078SHARATH KUMAR. K 4JN07CS078

2. Contents
1. Introduction
1.1 Introduction to Intrusion Detection System(IDS).
1.2 Introduction to genetic algorithm.
2. Problem Specification
2.1 Major problems addressed.
2.2 Challenges faced.
2.3 Scope of the project.
3. Literature Survey
3.1 Features & Technology used.
3.2 Drawbacks & Solutions.
4. System Architecture
4.1 Workflow diagrams & Modules.

3. Introduction to IntrusionIntroduction to Intrusion
Detection SystemDetection System
 Intrusion.Intrusion.
 ExternalExternal
 InternalInternal
 Intrusion Detection System.Intrusion Detection System.
 Misuse vs Anomaly.Misuse vs Anomaly.
 Host-based vs Network-based.Host-based vs Network-based.

4.  IDS - one piece of the whole Security puzzle.
 Lots of people use Firewall and Router logs for Intrusion
Detection .
 Important Security architecture but does not solve all
your problems .
 Mostly signature based .
 Example (Denial of Service [ DoS ] Attack).

5. Introduction-Genetic Algorithm
 Definition.
 Background Theory.
 A simple Genetic Algorithm.
StartStart
GenerateGenerate
randomrandom
populationpopulation
EvaluationEvaluation
FunctionFunction
OptimizationOptimization
Criteria met?Criteria met?
BestBest
IndividualsIndividuals
ResultResult
SelectionSelection
CrossoverCrossoverMutationMutation
yesyes
nono
GenerateGenerate
a newa new
PopulationPopulation

6. Applications.
Military
Information security in some multinational agencies.
Intrusion Prevention System.
Significance.
Network traffic analysis .
Detection of various attacks.

7. Major problems
 Security infrastructure.
 Threats originating from outside.
 Support Issues (OS, Platform)
 Evaluation Parameters.

8. Challenges
 Frequency vs Difficulty level.
 Hacktivists or cyber terrorists
 Deployment & Myths
 Using IDS in fully switched networks
 Interpreting all the data being presented
 Encryption, VPN, Tunnels
 Performance
 Response team.

9. Scope
 Combining knowledge from different sensors into a
Standard rule base.
 Local Area Security.
 Security purpose in main servers across the world.
 Intelligence Intrusion Detection System(IIDS) is an
ongoing Project in Mississippi University.

10. Literature Survey
• “The Integration of security sensors into the
Intelligent Intrusion Detection System (IIDS) in
a cluster environment” by Li, Wei
– In this paper the author has described the some
methods to detect Intrusion in Network.

11. • “Network Intrusion Detection” by Stephen
Northcutt, Judy Novak
– In this book the author has described some concepts
related to networks and concepts related to Intrusion
Detection

12. • “Principles of Information Security” - Michel E.
Whitman and Herbert J. Mattord
– In this paper the author has described about concepts
in network security completely.

13. • “Genetic Algorithms with Dynamic Niche
Sharing for Multimodal Function Optimization.”
by Miller, Brad. L. and Michael J. Shaw.
– In this paper the author has described about the
concepts of Genetic algorithm and its applications
(usage).

14. Applying Genetic Algorithm to IDS
• Genetic algorithms can be used to evolve simple rules for
network traffic.
The rules stored in the rule base are usually in the
following form
if { condition } then { act }
Eg. if {the connection has following information: source
IP address 124.12.5.18; destination IP
address:130.18.206.55; destination port number: 21;
connection time: 10.1 seconds }
then {stop the connection}

15. Rule definition for connection and range
of values of each field
AttributeAttribute Range Eg. Value DescriptionsRange Eg. Value Descriptions
0.0.0.0 – 255.0.0.0.0 – 255. d1.0b.**.** A subnet withd1.0b.**.** A subnet with
resperespe
Source IPSource IP 255.255.255255.255.255 (209.11.??.??) -ctive range of IP(209.11.??.??) -ctive range of IP
Destination IP 0.0.0.0 – 255.Destination IP 0.0.0.0 – 255. 82.12.b*.**82.12.b*.** A subnet with respA subnet with resp
255.255.255255.255.255 -ective range of IP-ective range of IP
Source Port no 0 - 65535Source Port no 0 - 65535 4233542335 Source Port noSource Port no
Dest Port no 0 - 65535 00080Dest Port no 0 - 65535 00080 HTTP ServiceHTTP Service
Duration 0 - 99999999 00000482 ConnectionDuration 0 - 99999999 00000482 Connection
DurationDuration
StateState 1 – 121 – 12 1111 (Internal Use)(Internal Use)
ProtocolProtocol 1 – 91 – 9 22 TCPTCP
ProtocolProtocol
Bytes sent 0 – 9999999999 0000007320Bytes sent 0 – 9999999999 0000007320 Originator sends reOriginator sends re

16. Chromosome structure for example
( d, 1, 0, b, -1, -1, -1, -1, 8, 2, 1, 2, 1, 2, b, -1, -1,( d, 1, 0, b, -1, -1, -1, -1, 8, 2, 1, 2, 1, 2, b, -1, -1,
-1, 4, 2, 3, 3, 5, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 4, 8, 2,-1, 4, 2, 3, 3, 5, 0, 0, 0, 8, 0, 0, 0, 0, 0, 0, 4, 8, 2,
1, 1, 2, 0, 0, 0, 0, 0, 0, 7, 3, 2, 0, 0, 0, 0, 0, 0, 3,1, 1, 2, 0, 0, 0, 0, 0, 0, 7, 3, 2, 0, 0, 0, 0, 0, 0, 3,
8, 9, 1, 1 )8, 9, 1, 1 )

17. Drawbacks of other existing system
 All the internal rules should be defined.
 complex or loosely defined problems.
 Monitoring systems.
 Exact match for rules.
 About 400 different IDS on the market-Only a few are
scalable, and easy to maintain.

18. System Architecture
StartStart
GenerateGenerate
randomrandom
populationpopulation
EvaluationEvaluation
FunctionFunction
OptimizationOptimization
Criteria met?Criteria met?
BestBest
IndividualsIndividuals
ResultResult
SelectionSelection
CrossoverCrossoverMutationMutation
yesyes
nono
GenerateGenerate
a newa new
PopulationPopulation

19. Data setData set NetworkNetwork
sniffersniffer GAGA
Rule SetRule Set
RuleRule
BaseBase
Rule Base ModuleRule Base Module

20. Evaluation Function
= Outcome – Suspicious level= Outcome – Suspicious level
5757
Outcome =Outcome = Matched * Weight(i)Matched * Weight(i)
i=1i=1
Fitness = 1 - PenaltyFitness = 1 - Penalty
Penalty = (Penalty = ( * ranking )* ranking )
100100

21. Father
Mother
Crossover offspring
Point
Child 1
Child 2
Crossover

22. • For example,
209.103.51.134 and 101.1.25.193
209.103.25.193 and 101.1.51.134.

23. 11 1 0 1 0 11 0 1 0 1 Before MutationBefore Mutation
1 0 0 0 0 11 0 0 0 0 1 After MutationAfter Mutation
MutationMutation

24. Preferred Language
Java
Platform
Windows

25.  Li, Wei. 2002. “The integration of security sensors intoLi, Wei. 2002. “The integration of security sensors into
the Intelligent Intrusion Detection System (IIDS) in athe Intelligent Intrusion Detection System (IIDS) in a
cluster environment.” Master’s Project Report. Departmentcluster environment.” Master’s Project Report. Department
of Computer Science, Mississippi State University.of Computer Science, Mississippi State University.
 Miller, Brad. L. and Michael J. Shaw. 1996. “GeneticMiller, Brad. L. and Michael J. Shaw. 1996. “Genetic
Algorithms with Dynamic Niche Sharing for MultimodalAlgorithms with Dynamic Niche Sharing for Multimodal
Function Optimization.”Function Optimization.” In Proceedings of IEEEIn Proceedings of IEEE
International Conf. on Evolutionary Computation.International Conf. on Evolutionary Computation.
 ““Network Intrusion Detection” by Stephen Northcutt,Network Intrusion Detection” by Stephen Northcutt,
Judy Novak ( 3Judy Novak ( 3rdrd
edition).edition).
 ““Principles of Information SecurityPrinciples of Information Security” - Michel E. Whitman and” - Michel E. Whitman and
Herbert J. Mattord, (2Herbert J. Mattord, (2ndnd
Edition)Edition)
REFERENCESREFERENCES

26. Thanking youThanking you