Rule Learner and Multithreading Technique with Genetic Algorithm for Inline Intrusion Detection System for High Speed Network

Intrusion detection system plays the important role in recognizing unauthorized user, abnormal packets and malicious code in network. Investigators have proposed many techniques and methods of intrusion detection system. The challenging task in intrusion detection system is to find out appropriate method which offers low false positive rate and high classification accuracy. Rule based classifiers or learners are based choice for intrusion detection system. These are advanced and simple to implement. The performance of rule based intrusion detection system is depending on the rules produced by rule learner. Rule formation process is slow and time consuming task due to huge amount of packets in networks. Ensemble of rule learners are being used for intrusion detection system which provides high accuracy.

In this chapter, a novel architecture of intrusion detection system using single rule learner has presented. The system has implemented by using rule learner with multi-threading technique. In this implementation, the Ripple Down Rule learner is used as a classifier and Genetic Algorithm as a feature selection method with Multithreading technique. The advantages of parallel processing feature of multi-threading help to handle the heavy traffic in high speed network. The cache management module of the system is used to reduce the memory access rate. The proposed intrusion detection system is evaluated in terms of classification accuracy and false positive rate. The performance evaluation results show that the proposed intrusion detection system outperforms existing standard classifier. The logging mechanism of proposed system is useful to reprocess and analyses logged packets in future for investigation and forensic purpose. It is also found that the time required to generate rules from the training data set is lower as compared to the model building time of existing rule based classifiers in intrusion detection system.