Rule-based intrusion detection systems generally rely on hand crafted signatures developed by domain experts. This could lead to a delay in updating the signature bases and potentially compromising the security of protected systems. In this paper, we present a biologically-inspired computational approach to dynamically and adaptively learn signatures for network intrusion detection using a supervised learning classifier system. The classifier is an online and incremental parallel production rule-based system. A signature extraction system is developed that adaptively extracts signatures to the knowledge base as they are discovered by the classifier. The signature extraction algorithm is augmented by introducing new generalisation operators that minimise overlap and conflict between signatures. Mechanisms are provided to adapt main algorithm parameters to deal with online noisy and imbalanced class data. Our approach is hybrid in that signatures for both intrusive and normal behaviours are learnt. The performance of the developed systems is evaluated with a publicly available intrusion detection dataset and results are presented that show the effectiveness of the proposed system.

• 出版日期2009-12