signature based intrusion detection

As computer networks grow, so attacks and intrusions to these networks are increased. In order to have a fully secure computer network, one needs ‘intrusion detection systems’ (IDS) on top of firewalls. The goal of using an IDS is to supervise the abnormal activities and differentiate between normal and abnormal activities in a host system or in a network. An efficient IDS has high detection rate while keeping a low false alarm rate. In this paper, a new approach to classify KDD-Cup-99 data set using a combination of random forest method and genetic algorithm is presented. The purpose is to increase the speed of learning and test phases while improving the accuracy. Random forest is an ensemble learning method based on decision trees. Due to its relatively simple structure and good performance, it is used in many supervised learning applications.  However, like all tree based machine learning algorithms, having too many categorical features, can be a problem both for the speed and accuracy. This is exactly the case with the problem in hand, i.e. intrusion detection; many of the features are in the form of categorical data. For example, in R language, the maximum number of definable categorical features for random forest is 53. The contribution of this work is resolving this issue with the aid of Genetic Algorithm (GA). In this research information gain as a measure of importance is defined and the number of features is reduced based on genetic algorithm.

Web services play an important role in the development of service-oriented architecture and distributed architectures. Web services allow the reuse of software code and thus reduce the cost of programming and communication, they have received much attention in recent years, due to the use of the Internet as a medium of data transmission and autonomy of hardware and software platforms. On the other hand, Web services have specific security challenges. This is especially important when the organizations are dependent on the service in the form of Web services. In this case, with the weakness of the current security systems to protect Web services, these organizations are defenseless against all types of known and unknown threats that threaten Web services.Nowadays, intrusion detection systems, are well-known to complete the levels defense in cyberspace. The main purpose of this article is to conduct research on intrusion detection techniques and architectures of Web services to support passive defense issues in organizations that make use of Web services.The comparison between the architectures of intrusion detection, to achieve a high level of understanding of intrusion detection techniques in the web services, will help to improve current intrusion detection systems in the level of Web service, or to make specific intrusion detection systems for these services along with other security tools.