Pedro A. Diaz-Gomez, Universidad El Bosque; and Dean F. Hougen, University of Oklahoma
A primary approach to computer security is the Intrusion Detection System (IDS). Off-line intrusion detection can be accomplished by searching audit trail logs of user activities for matches to patterns of events required for known attacks. Because such search is NP-complete, heuristic methods will need to be employed as databases of events and attacks grow. Genetic Algorithms (GAs) can provide appropriate heuristic search methods. However, balancing the need to detect all possible attacks in an audit trail with the need to avoid warnings of attacks that do not exist is a challenge, given the scalar fitness values required by GAs. A case study of a previously proposed GA-based IDS shows this difficulty with respect to its fitness function and proposes a new method to overcome it. Such analysis can be of benefit to the study of other multi-objective GAs.