Network intrusion is an increasingly serious problem experienced by many organizations. In this hostile environment, networks must be able to detect whether a connection attempt is legitimate or not. The ever-changing nature of these attacks makes them difficult to detect. One solution is to use various data mining methods to determine if the network is being attacked. This paper compares the performance of two data mining methods, a standard artificial neural network (ANN) and an ANN guided by a genetic algorithm (GA), in classifying network connections as normal or attack. Using connection data drawn from a simulated US Air Force local area network, each method was used to construct a predictive model. The models were then applied to validation data and the results were compared. The ANN guided by GA (90.67% correct classification) significantly outperformed the standard ANN (81.75% correct classification), indicating the superiority of the GA-based ANN.
Glorfeld, Louis W.; Bala, Hilol; and Miller, Robert, "Classifying Network Intrusions: A Comparison of Data Mining Methods" (2005). AMCIS 2005 Proceedings. 117.