Elitism Enhancements for Genetic Algorithm based Network Intrusion Detection System

google(2013)

Abstract
Traditional signature-based Network Intrusion Detection Systems (NIDS) suffer from a high false negative rate because they can detect an intrusion only if an existing rule matches the particular real-time attack. The combination of Genetic Algorithms, network security schemes, and IDS practices has created a model of an intelligent system that has the ability to derive new best-fit classification rules from already known attack patterns. Nevertheless, the existing NIDS approaches in this paradigm still experience substantial overhead and a limited variety of resulting NIDS rules. In this paper we propose a new genetic algorithm-based NIDS called AceGA, which introduces three novel enhancements, namely Wildcard Weight Penalty, Ace Comparison Elimination, and Elite's Traits Induction. It is shown that AceGA provides decreased time overhead and better rule quality. For demonstration purposes, DARPA datasets from MIT Lincoln Lab are used for training and testing the intrusion detection rules. Several simulation experiments are conducted to evaluate the efficiency and effectiveness of each of our proposed enhancements, including the overall capability of AceGA to detect our selected types of attacks with satisfactory true positive and false positive rates. Additional statistical results depicting the accuracy, precision, sensitivity, and specificity of the resulting rules are thoroughly analyzed.