Search for notes by fellow students, in your own course and all over the country.
Browse our notes for titles which look like what you need, you can preview any of the notes via a sample of the contents. After you're happy these are the notes you're after simply pop them into your shopping cart.
Title: Genetic Algorithm in Intrusion Detection Systems
Description: This note aims to explain the following: 1- Genetic Algorithm. 2- Intrusion Detection System. 3- Fitness Function. 4- How Genetic Algorithm can support the performance of Intrusion Detection System.
Description: This note aims to explain the following: 1- Genetic Algorithm. 2- Intrusion Detection System. 3- Fitness Function. 4- How Genetic Algorithm can support the performance of Intrusion Detection System.
Document Preview
Extracts from the notes are below, to see the PDF you'll receive please use the links above
An Enhanced Steady State Genetic Algorithm
Model for Misuse Network Intrusion Detection
System
ﻧﻤﻮذج ﻣﺤﺴﻦ ﻟﻠﺨﻮارزﻣﯿﺔ اﻟﺠﯿﻨﯿﺔ اﻟﻤﺴﺘﻘﺮة ﻻﻛﺘﺸﺎف اﻟﺘﻄﻔﻞ ﻓﻲ
اﻟﺸﺒﻜﺎت اﻟﺤﺎﺳﻮﺑﯿﺔ
By:
Firas Mohammad Ahmad AlAbsi
Supervisor:
Prof
...
And I would like to extend my
sincerest thanks and appreciation to my wife (Hala) who encouraged me
and helped me to overcome the difficulties
...
All my love to my
brothers: Hosam, Moayad, Moaath and my sister Doaa
...
He has the right to be kind enough to accept my sincere
respect and appreciation
...
To whom helped me, and was with me in heart and mind: I love you
...
وأﻗﺮ وأﻋﺘﺮف أن ھﺬا اﻟﻌﻤﻞ ﻟﻢ ﯾﻜﻦ ﻟﯿﻨﺠﺰ ﺑﺪون ﺟﮭﺪ اﻷﺳﺘﺎذ اﻟﺪﻛﺘﻮر رﯾﺎض
ﺷﺎﻛﺮ ﻧﻌﻮم، اﻟﺬي أوﺿﺢ ﻟﻲ ﻣﻌﺎﻟﻢ ھﺬا اﻟﻄﺮﯾﻖ، ﻓﻠﮫ اﻟﺤﻖ ﻓﻲ أن ﯾﺘﻘﺒﻞ ﻣﻨﻲ ﻓﺎﺋﻖ
اﻻﺣﺘﺮام واﻟﺘﻘﺪﯾﺮ
...
إﻟﻰ ﻛﻞ ﻣﻦ ﺳﺎﻋﺪﻧﻲ
...
They were the light in my path
...
Thank you for everything
...
1
Preface
1
1
...
3
Contributions
2
1
...
5
Limitations
3
1
...
1
5
Overview
VIII
2
...
2
...
2
...
2
...
2
...
3
Genetic Algorithm
13
2
...
5
Literature Review and Related Work
23
Chapter Three: Methods and Procedures
27
3
...
2
Methodology
27
Proposed Solution Model
29
3
...
4
Proposed Model Structure
30
Environment
30
3
...
1
3
...
1
...
4
...
2 Testing Data Set
31
3
...
2
31
3
...
3
Distinct Rules Database
32
3
...
4
Rules Evaluation
33
3
...
5
Stedy State Genetic Algorithm Unit
33
3
...
6
Rules Pool
34
3
...
7
3
...
1
Overview
39
4
...
3
Selecting the most Significant Features
40
4
...
4
...
4
...
4
...
4
...
5
...
5
...
5
...
5
...
5
...
6
...
6
...
7
The results of Detection Rate and False Positive Rate
62
4
...
9
How did this thesis achieve its objectives
64
4
...
6
Chapter Five: Conclusion and Future Work
65
5
...
2
Future Work
66
X
References
67
Appendix
71
XI
List of Tables
2
...
1
Network Data Feature Label
36
3
...
37
3
...
38
4
...
2
Distribution of Attacks before and after filtering
40
4
...
4
Important, secondary and unimportant features
41
4
...
6
Features after removing both irrelevant features and redundant
42
features
4
...
8
Detection Rate for each attack according to four classes – First
43
evaluation
4
...
10
Similar Fitness Values
45
4
...
12
Real Data from the Comparison System
50
4
...
14
Generated random numbers with selected individual
52
4
...
16
The result of Elitist Selection
54
4
...
18
The selected individual after applying RWS over the new fitness
56
values
4
...
20
Selected individuals using Tournament Selection
58
4
...
22
The parameters used in the system
60
4
...
24
Results of system DR and FPR
63
4
...
1
Network IDS vs
...
2
Misuse IDS vs
...
3
Genetic Algorithm Structure
15
3
...
1
Detection Rate
10
2
...
3
Precision
10
2
...
5
Overall Accuracy
10
2
...
7
Average Fitness
18
2
...
9
Sum Expected Fitness
18
2
...
11
Fitness Function for Rank Selection
19
4
...
2
The Ratio of First Fitness Value
48
4
...
4
Support-Confidence Fitness Function
49
4
...
The intruders began
to do violations and abuses over the networks
...
The main aim of this
thesis is to build Intrusion Detection System supported by enhanced Steady State
Genetic Algorithm in order to increase Detection Rate and to decrease False Positive
Rate
...
It also compared selection and crossover to choose the
best choice to implement it in a system; it was found that Stochastic Universal Sampling
Selection can be used with Uniform Crossover to produce the best results
...
In this thesis an enhancement has been done to the algorithm by using RewardPenality based Fitness Function and choosing the best choice for selection and
crossover; this has affected the Misuse based Network Intrusion Detection System by
increase DR to be equal 95% and decrease FPR to be equal 0
...
XVII
اﻟﻤﻠﺨﺺ
ﻟﻘﺪ ﺗﺰاﯾﺪ اﺳﺘﺨﺪام اﻟﺸﺒﻜﺎت ﻓﻲ اﻟﻘﺮون اﻟﻤﺎﺿﯿﺔ
...
واﻟﮭﺪف ﻣﻦ ھﺬه اﻟﺮﺳﺎﻟﺔ ھﻮ ﺑﻨﺎء ﻧﻈﺎم ﻻﻛﺘﺸﺎف اﻟﺘﻄﻔﻞ ﻣﺪ ّﻢ ﺑﺎﻟﺨﻮارزﻣﯿﺔ اﻟﺠﯿﻨﯿﺔ اﻟﻤﺴﺘﻘﺮة
ﻋ
اﻟﻤﺤ ّﻨﺔ ﻣﻦ أﺟﻞ زﯾﺎدة ﻧﺴﺒﺔ اﻻﻟﺘﻘﺎط اﻟﺼﺤﯿﺢ وﺗﻘﻠﯿﻞ ﻧﺴﺒﺔ اﻻﻟﺘﻘﺎط اﻟﺨﺎﻃﻰء
...
وأﯾﻀﺎ ﻗﺎم ﺑﻤﻘﺎرﻧﺔ اﻻﺧﺘﯿﺎر واﻟﺘﺰاوج ﻻﻋﺘﻤﺎد أﻓﻀﻞ ﺧﯿﺎر ﻟﺘﻄﺒﯿﻘﮫ ﻓﻲ اﻟﻨﻈﺎم، ﺣﯿﺚ
أﻧﮫ وﺟﺪ أن اﻧﺘﻘﺎء اﻟﻌﯿﻨﺎت اﻟﺸﺎﻣﻠﺔ اﻟﺘﺼﺎدﻓﯿﺔ ﺑﺎﻹﻣﻜﺎن اﺳﺘﺨﺪاﻣﮫ ﻣﻊ اﻟﺘﺰاوج اﻟﻤﻨﺘﻈﻢ ﻹﻋﻄﺎء أﻓﻀﻞ
اﻟﻨﺘﺎﺋﺞ وﻗﺪ ﺗﻢ ﻓﻲ ھﺬا اﻟﺒﺤﺚ اﺳﺘﺨﺪام اﻧﺘﻘﺎء اﻟﻌﯿﻨﺎت اﻟﺸﺎﻣﻠﺔ اﻟﺘﺼﺎدﻓﯿﺔ واﻟﺘﺰاوج اﻟﻤﻨﺘﻈﻢ ﻛﻌﻮاﻣﻞ
ﻟﻠﺨﻮارزﻣﯿﺔ اﻟﺠﯿﻨﯿﺔ اﻟﻤﺴﺘﻘﺮة ﻻﺳﺘﺨﺪاﻣﮭﺎ ﻓﻲ ﻧﻈﺎم ﻛﺸﻒ اﻟﺘﻄﻔﻞ
...
0%
...
1 Preface
Networks security has the researcher's attention because of the increase of
networks usage
...
NIDS designed to be strong enough to ensure secure environment
...
And to keep the (NIDS) as secure as need, the system
must detect intrusions with high Detection Rate (DR) and low False Positive Rate
(FPR)
...
1
...
Networks usage gives the chance to intruders to attack these networks
in somehow
...
(NIDS) is one of the
main components on network security
...
And to keep the (NIDS) as secure as the need, this thesis must escalate the
challenge against the intruders by detecting intrusions with increase Detection Rate
(DR) and decrease False Positive Rate (FPR)
...
This thesis tried to use enhanced Steady State Genetic Algorithm (SSGA) to
examine the (DR) and (FPR) of different network intrusions
...
3 Contributions
The main goal of the research is to apply SSGA to detect intrusions in the network
environment under misuse analysis
...
2- Use SSGA to increase DR and decrease FPR to produce new results
...
1
...
It will support the
security
...
Many of the
researchers did their researches on NIDS using anomaly analysis, but there are a few
3
researches that used GA in NIDS using misuse analysis, and this is the main reason
which gives the importance to the research
...
1
...
The research will be applied on misuse-IDS only, not on anomaly
...
The research will deal only with detection
systems
...
6 Thesis Outline
Chapter Two: This chapter views some knowledge about Intrusion Detection System
(elements, classes of detection technologies and network attacks), Genetic Algorithm
(elements and operator types) and finally literature review and related work
...
The methodology that has been
followed to find the results was discussed
...
Chapter Five: In this chapter, the conclusion of thesis has been presented, and also
future work related to this thesis domain
...
1 Overview:
Intrusion Detection System (IDS) has been used to detect the unwanted threats
...
Steady State Genetic Algorithm has many elements; each element can affect the
performance of the algorithm
...
Then it will explain with examples the
elements of Steady State Genetic Algorithm
...
2
...
2
...
1 Intrusion Detection System
An Intrusion Detection System was defined by Information Assurance
Technology Analysis Center (IATAC), (2009) as: "Intrusion detection is the act of
detecting unwanted traffic on a network or a device
...
IDS is a
software that automates the intrusion detection process"
...
IDS also can help security administrators by giving an alert to notify
administrators about the events, or giving them a summarized report about those events
...
2-
Some of threats are originated inside the firewall
3-
Firewalls are subject to attacks
...
2
...
Behavior based System:
Al-Sharafat, (2009) explained that Knowledge based Intrusion Detection
technique accumulates knowledge explicitly from specific attack and possible
vulnerabilities to exploit at different attacking attempts
...
Another strength point for knowledge based approach is that the system will
analyze the problem in order to understand it and take an appropriate action
...
Firstly, to
have a good and an effective knowledge based IDS, the information must be up to date
...
Secondly, this method may have
to face a generalization issue
...
Al-Sharafat, (2009) also explained that behavior based intrusion detection
system must have the normal and the intruder behaviors
...
The alarm will be generated if there
is a difference, and the behavior will be considered as intrusion
...
This approach may have a high false-alarm rate because the learning phase
may not cover all of the entire behavior scope
...
2- Host based System vs
...
Both of them look for specific pattern which called signature to
indicate malicious activities or policy violations
...
etc, then it
was called Network based IDS
...
etc, then it was called Host based IDS
...
, 2010)
Kozushko, (2003) mentioned that these two technologies are similar in the root
but they are different in their operational use
...
In other side, Host based Intrusion Detection relates to processing data that
originated in computer
...
Selvakani and Rajesh, (2007) showed the following figure which explained the
difference between Host and Network based IDS and the location of IDS and firewall:
Figure (2
...
Host IDS
Primary classes of Detection methodologies:
121-
Misuse Detection
Anomaly Detection
Misuse detection:
In this methodology there is a signature or pattern which will be compared with
the observed events to detect the unknown threat, (Scarfone & Mell, 2007)
...
exe", this can be effectively detected, because its characteristics known as
malicious activity
...
exe", because the signature "freepics
...
exe"
...
2-
Anomaly Detection:
In this methodology the IDS has many profiles which describe the normal
behaviors; for example, the user profile will describe the normal behavior of the user,
when the user events occurred
...
(Scarfone & Mell ,2007)
...
Figure (2
...
Anomaly IDS
10
2
...
3 Intrusion Detection Evaluation:
Kang, Fuller and Honavar (2005) defined False Positive Rate as "a fraction of
normal data mis-identified as intrusion", and defined Detection Rate as "a fraction of the
intrusion identified"
...
1)
FPR equation:
(2
...
3)
(2
...
5)
TP = True Positive
TN = True Negative
FN = False Negative
FP = False Positive
11
2
...
4 Network Attacks:
Attack types fall into the following categories:
a- Denial of Service
...
b- User to Root (U2R):" is a class of attacks in which all attacker starts out with
access to a normal user account on the system and is able to exploit vulnerability
to gain root access to the system"
...
d- Probing: "is a class of attacks in which an attacker scans a network of computers
to gather information or find known vulnerabilities"
...
The following table displays each category
12
with its types and the distribution of that type which included in 10% of KDD Cup
99
...
00014
Normal
normal
19
...
00100
DoS
back
0
...
00022
land
0
...
00013
neptune
21
...
00007
pod
0
...
00003
smurf
57
...
01944
teardrop
0
...
00038
ipsweep
0
...
00056
nmap
0
...
00016
portsweep
0
...
00005
satan
0
...
00018
U2R
Probe
Table (2
...
2
...
GA's are also described as a particular class of evolutionary
algorithms that use techniques inspired by evolution such as selection, crossover and
mutation
...
Each gene has a locus and alleles; it may be
phenotype or genotype
...
Each gene has Locus
(position of gene) and Alleles (values of gene)
...
Why Genetic Algorithm was used in search and optimization?
Deb, (1998) discussed the idea of using GA in search and optimization
...
Those are direct which uses objective function and constraints to guide the search
strategy
...
The second group of traditional search and optimization is gradient-based
method which uses the first and second-order derivations of the objective function,
and/or constraints to guide this search process
...
For this, GAs are used to pass a mentioned problem, moreover
using GAs supports convergence to an optimal solution
...
The effectiveness of using GA in problem solving depends on many factors
...
The second factor depends on the selection of Fitness Function
...
Adewumi, (2010) explained that among the evolutionary algorithms, GA's are
the most successful because of its unique characteristics, these characteristics include:
1- Parallelism
...
3- Ability to explore large solution space
...
5- Ability to handle noisy function and escape from local optima and the best of all
...
These are the reasons which make the success of GA as evolutionary algorithms, and
make the success of GA in problem solving
...
Step 1: Generate an initial population randomly, and calculate the Fitness Function for
each string
...
Step 3: Apply the crossover operator on the strings in the mating pool to generate a
tentative new population of size n
...
Calculate the fitness values of the solution strings in the new population
...
To clarify the process, Selvakani and Rajesh, (2007) showed the following
Genetic Algorithm structure:
Figure (2
...
Richter, (2010) explained the process
steps of SSGA in his dissertation as the following:
1
Select the s(n) individuals of the initial population independently and
randomly
...
Steps 3' and 3'' are mutually
exclusive
...
Let z*
be the result of uniform crossover applied on x and y and let z be the
result of mutation applied on z*
...
Let z be the
result of mutation applied on x
...
Otherwise, add z to the
population
...
Eliminate randomly one element in W from the current population
...
2
...
Iteration can create a new population
...
It will concatenate each problem parameters as binary
encoding genes into a single binary string
...
Deb, (1998) mentioned that there is a specific performance is measured versus
the population size:
In very small population size, you need more generations to find optimal
solutions
...
17
In Adequate population size, it is adequate to allow necessary scheme
processing and GA performs successfully
...
-
Evaluation
For each chromosome there is a Fitness Function used to evaluate the fitness of
each chromosome
...
-
Encoding
The gene is a problem parameter; it can be encoded as a binary, integer, or real
number
...
If the parameter defined as enumerated
type, then the encoding must deal with the situations of the parameter value within its
enumeration
...
So a
parameter is an integer binary string in the genetic representation
...
Types of selection are:
o Roulette Wheel Selection (RWS): The chance of a chromosome being
selected is proportional to its fitness value
...
Step 2: Calculate sum fitness (Sf) for all chromosomes in the population:
18
(2
...
7)
Step 4: Find expected fitness (Ef) for each chromosome in the population:
(2
...
9)
Step 6: Generate random number (G) in the range [0,SumEf]
(2
...
Step 8: Redo n times from step 6, where n = population size
...
Then apply the selection with each two
chromosomes in the arranged set
...
This mean there is no chance to apply Genetic Algorithm between weak
and strong chromosomes
...
Finally the
Roulette Wheel can be used to choose the selected chromosomes
...
Step 2: Assign a rank value to each chromosome according to its
arrangement in the set
...
11)
Where 1
Wheel n times as described in Roulette Wheel Selection, in this technique
one can spin the Roulette Wheel just once but after determining n points in
the wheel
...
o Binary Tournament Selection: for n times do the following:
-
Choose two chromosomes randomly
...
GA operator: Crossover
This process is used to interchange genes between chromosomes to create
offsprings
...
20
Step 2: interchange the two parent chromosomes at this point to produce
two new offspring's
...
Step 2: interchange the two parent chromosomes between these points
...
Ex: Parent 1: 10010000
Parent 2: 00101101
If mixing ratio is equal to 0
...
Offspring 1: 1102121112010112
Offspring 2: 0201010201120201
21
-
GA operator: Mutation
This process will change the value of one gene of the chromosome
...
Step 2: Flip the value of the chosen gene
...
Ex: the following chromosome:
2
...
0,3
...
2,5
...
6,4
...
9
When the bit mutated to the upper boundary:
2
...
0,3
...
2,6
...
6,4
...
9
o Uniform (Used for integer and float representation)
Step 1: Choose a gene
...
Ex: Chromosome:
2
...
0,3
...
2,5
...
6,4
...
9
The value must be in the range (1
...
0)
5
...
7
The new chromosome will be:
2
...
0,3
...
2,6
...
6,4
...
9
22
-
Replacement
This process will compare between several chromosomes to choose the best
...
o Triple Tournament:
It will replace the worst two chromosomes between three chromosomes by the
chromosome with the highest fitness value
...
Kumar, Husian, Upreti and Gupta (2010) mentioned common terminating
conditions such as:
The found solution satisfies minimum criteria
...
Allocating budget (ex: time, money) reached
...
As mentioned before, the process will continue until satisfaction of the end
condition, but in some cases according to Chinneck, (2006), it is better to stop the
process in case of very little change between generations; this means that the worst
solution string fitness in the population has not changed for several generations
...
Select the best solution between these populations and consider it as a final
new population
...
Machine learning can be used to
support the rules in the rules pool
...
Kumar, Husian, Upreti and
Gupta, (2010) described some applications of GA in problem solving
...
The path represented as a set of
orientation vectors with equal distance
...
2- Gaming
There is a large structure of possible traits for the game (aggressiveness,
probability of running away
...
Those possible traits can be created and then Genetic
Algorithm can be used to find the best combination of these structures to beat the
player
...
5 Literature Review and Related Work
Diaz-Gomez and Hougen, (2007) presented an iterative process for doing
Misuse Detection and compared the results with Genetic Misuse Detection
...
Selvakani and Rajesh, (2007) performed GA-based approach for Network
Misuse Detection
...
They used KDD Cup 99 data set to find the probability of Detection and they found the
overall performance = 59% Detection Rate and False Alarm Rate = 0
...
They used
GA-based approach for Network Misuse Detection in order to frame the rules needed
...
To reduce the number of computer resources required to
detect an attack
...
They used KDD-99 in testing
...
She tested her model on Anomaly NID, and did not test it on Misuse as this
research did
...
The improved GA was reduced user interface, and improved
acceptance probability
...
25 DR and
3
...
672 DR and 2
...
Al-Sharafat and Naoum, (2009) used SSGA to detect intrusions in Anomaly
based NIDS
...
6%) ,(Probe: 37
...
8%) and (R2L: 83
...
But they didn't use genetic
algorithm in misuse detection
...
His research was done just over DoS and Probe, but this
thesis done over four types of attack
...
Agravat and Rao, (2011) described two objectives of fuzzy Genetic-based
learning algorithms and discussed its usage to detect intrusion in a computer network
...
They used 10% labeled data for training
and testing of the GA, they used 20 attributes of 41 from KDD Cup 99, and they used
the following parameters:
The number of elite solutions = 20 %
The Crossover probability = 0
...
1
The number of generation = 50
The results after testing are with Precision = 0
...
985
Uppalaiah, Anand, Narsimha, Swaraj & Bharat, (2012) presented Genetic
Algorithm to identify various attack type of connection
...
The
average Detection Rate was 83
...
Naoum, Abed & Al-sultani, (2012) classified intrusions using an Enhanced
Resilience Back Propagation Neural Network
...
7% average Detection Rate,
26
and 15
...
But this thesis used Genetic Algorithm instead of
Resilience Back Propagation Neural Network, and got better results
...
They got
the following Detection Rate results (Probe: 71
...
4%), (U2R: 18
...
4%), but in this thesis we got new results
...
1 Overview
This chapter will explain how to apply the system and how to get the results
...
3
...
The relevant data has been collected from KDD Cup 99
...
Training data has been received and distinguished as condition part that holds
the features values, and action part that holds the label of the attack
...
Reward Penality based Fitness Function has been developed and used as an
element of (SSGA) to evaluate the rule
...
28
The resulted rules after using (SSGA) will be stored in the rules pool, to be used
at the next step to examine the testing dataset
...
The strong system must have high Detection Rate
(DR) and low False Positive Rate (FPR)
...
Figure (3
...
3 The algorithm of Steady State Genetic Algorithm
Start a new Generation:
Step (1): Determine a population size
...
For each population in the rule pool, do:
Step (3): Select the chromosome using Stochastic Universal Sampling Selection
...
Step (5): Apply Flip Bit Mutation
...
Step (7): Apply Binary Tournament Replacement
...
Step (9): Go to the next population
...
3
...
4
...
Each feature determined a value; some features have a binary value, and other features
have a real value
...
The combination of feature values for 41 features will determine an instance of
attack as it is in the feature 42
...
31
3
...
1
...
The data of training data set came from KDD Cup 99
...
3
...
1
...
This thesis used 50000 records as testing data set
...
4
...
The detector should also filter the
message from redundancy and deal with the most significant features
...
The first part of the detector is the message receiver which has received the
message that came from the training dataset
...
Someone may ask that the representation is a part of Genetic Algorithm,
but why does the researcher include the representation in the detector?
Logically, the answer is that the representation element is correct to be anywhere
before the selection element, but after receiving message
...
32
The values of the most significant features selected in this research are varied
between binary numbers and real numbers, so the real representation is preferred,
because it includes both types; binary and real type
...
The
condition part of the rule has a collection of values related to collection of features
...
The fourth part has to make a relation between the condition values and type of
attack to keep in consideration that if those features have those values then the type of
attack will be as it is in the feature number 42
...
The fifth part of the detector is to represent a rule with the most significant
features
...
So there are many researches to answer
the question: What are the most significant features that sufficient to recognize the
attack?
This research collected some of those researches and represented the condition
action rule according to the researches results
...
3
...
3 Distinct Rules Database:
This database has the same data stored in training data set, but the data had the
following operations done over it:
1- Classifying to the 5 classes (Normal, DoS, Probe, R2L and U2R)
...
33
3- Filtering the rules with the best significant features
...
4
...
The evaluation process had been done
using Reward-Penality based Fitness Function
...
4
...
Evaluation:
Using Reward Penality Fitness Function as proposed by
(Alabsi and Naoum, 2012), each chromosome will be
evaluated, in order to be selected in the selection stage
...
Crossover:
At this stage, Uniform Crossover will be used by selecting
random points within a chromosome and interchange the
two parent chromosomes at these points to produce two
new offsprings
...
Mutation:
34
If the feature value is discreate value, then Mutation will
use flip bit by choosing a random gene then flip the value
of a chosen gene; if the gene is equal to 0 then it will be
equal to 1 else it will be equal to 0
...
Apply Evaluation:
Evaluations of each chromosome using Reward Penality
Fitness Function as described in chapter 4
...
And also
helps in applying Replacement
...
Check the Stop Criteria:
Checking the stop criteria can be done by searching about
an answer for the question: Are there any additional rules
to be produced? If the answer is yes, then the Genetic
Algorithm applied additional generation, otherwise, the
Genetic Algorithm will be stopped
...
4
...
35
3
...
7 Testing Classifier (Matching):
In this phase the proposed model will try to match the received packet with the
existent rules in order to distinguish the data and discover the intrusions to be alerted
...
5 Population: The Data set (KDD Cup 99):
Mukkamala, Sung and Abraham, (2004) mentioned that: "In 1998 DARBA
Intrusion Detective program acquired raw TCP/IP dump data for network by simulating
a typical U
...
Air Force LAN
...
KDD'99 features can be classified into three groups, (Tavallaee, Bagheri & Ghorbani,
2009):
Basic features: are all the attributes that can be extracted from a TCP/IP
connection
...
Content features: include features used to look for suspicious behavior in the
data portion e
...
, number of failed login attempt
...
System Evaluation:
The evaluation of proposed model will be determined by the Detection Rate
(DR) and False Positive Rate (FPR), in this sense; the results can be compared with
others
...
b- User to Root
c- Remote to Local
d- Probing
To identify each type of attack, the feature issue must be taken in consideration
...
1): Network Data Feature Label
Zainal, Maarof, Shamsuddin, and Abraham, (2008), proposed an ensemble of
one-class classifier, the classifier deployed three techniques which are: Linear Genetic
Programming (LGP), Adaptive Neural Fuzzy Inference System (ANFIS) and Random
Forest (RF)
...
They addressed the issue by reducing the input features in order to
disclose the hidden significant features; they used the following features for each attack:
37
Attack
Features
Normal
f12, f31, f32, f33, f35, f36, f37, f41
Probe
f2, f3, f23, f34, f36, f40
DoS
f5, f10, f24, f29, f33, f34, f38, f40
U2R
f3, f4, f6, f14, f17, f22
R2L
f3, f4, f10, f23, f33, f36
Table (3
...
In their paper they demonstrated
that the ensemble of different learning paradigms can improve the detection accuracy
...
Class 1:
{1,3,5,6,8-10,14,15,17,20-23,25-29,33,35,36,38,39,41}
<2,4,7,11,12,16,18,19,24,30,31,34,37,40> (13,32)
Class 2:
{3,5,6,23,24,32,33} <1,4,7-9,12-19,21,22,25-28,34-41> (2,10,11,20,29,30,31,36,37)
Class 3:
{1,3,5,6,8,19,23-28,32,33,35,36,38-41} <2,7,9-11,14,17,20,22,29,30,34,37>
(4,12,13,15,16,18,19,21,3 )
Class 4:
{5,6,15,16,18,32,33} <7,8,11,13,17,19-24,26,30,36-39>
(9,10,12,14,27,29,31,34,35,40,41)
Class 5:
{3,5,6,24,32,33} <2,4,7-23,26-31,34-41> (1,20,25,38 )
38
These classified features will help the work in selecting feature step in the
detecting phase
...
One
can use empirical methods to test all possibilities by taking two features at a time, then
three features at a time and so on until they got the significant features, but here, they
tried to remove one feature each time and tried empirical methods, so they got the
following results:
Attack
Features
Normal
F5, F6, F10, F13, F40
Probe
F3, F12, F27, F31, F35
DoS
F7, F8, F12, F13, F23
U2R
F14, F17, F25, F36, F38
R2L
F6, F11, F12, F19, F22
Table (3
...
However, this research found that the research of Mukkamala, Sung and
Abraham (2004) has given acceptable results so it is adopted to be used in the stage of
representing rules with the most significant features
...
1 Overview
Network Intrusion Detection System has been built
...
There are many results which have
appeared through the system execution
...
4
...
On the KDD official
website the whole data is available, but this research used 5% of the whole data as
training dataset
...
The following table shows the distribution of the
attacks through the training dataset:
Attack
No
...
49 %
DoS
174302
69,72 %
R2L
1125
0
...
0116 %
Probe
3319
1
...
1): Distribution of Attacks within Training Dataset
40
The training dataset used to support the system about the knowledge related to
the attacks, whereas the testing dataset used to be tested and to evaluate the system itself
by evaluating the Detection Rate and False Positive Rate
...
3 Selecting the most Significant Features
The KDD Cup 99 dataset contains a huge number of records, each of which has
41 features plus one attribute has a name of the attack to be used as a labeled record
...
The process of comparing a record of testing a dataset with the whole data in the
training dataset using 41 features will have resources and time consuming
...
Mukkamala, Sung and Abraham, (2004) selected the most significant features
by eliminating useless features
...
3)
...
2)
...
of records before filtering
No
...
2) Distribution of Attacks before and after filtering [Mukkamala, Sung and Abraham (2004)]
41
Zainal, Maarof, Shamsuddin, and Abraham, (2008) selected the most significant
features by using one-class classifier; the classifier deployed three techniques which are:
Linear Genetic Programming (LGP), Adaptive Neural Fuzzy Inference System (ANFIS)
and Random Forest (RF)
...
2)
...
3)
...
of records before filtering
No
...
3) Distribution of Attacks before and after filtering [Zainal, Maarof, Shamsuddin, and Abraham, (2008)]
Mukkamala and Sung, (2003) selected the most significant features after
describing the features as important, secondary and unimportant
...
4): Important, secondary and unimportant features [Mukkamala and sung (2003)]
...
5)
...
of records before filtering
No
...
5) Distribution of Attacks before and after filtering [Mukkamala and sung (2003)]
Chou, Yen, and Luo, (2008) selected the most significant features by using an
algorithm to remove irrelevant features and redundant features
...
6): Features after removing both irrelevant and
redundant features [Chou, Yen, and Luo(2008)]
The data has been filtered as their results to get the number of records as shown below (4
...
Attack
No
...
of records after filtering
Normal
71225
------------
DoS
174302
7642
Probe
3319
1092
R2L
1125
319
U2R
29
22
Table (4
...
Each one contains 5000
records
...
Attack
No
...
1%
0
...
3%
Probe
11
91%
91%
0%
91%
U2R
6
83%
33%
0%
66%
R2L
1
100%
0%
0%
0%
Normal
3183
18%
40%
13%
------
Table (4
...
of records
Class 1
Class 2
Class 3
Class 4
DoS
3400
100%
0
...
2%
0
...
5%
36%
1%
------
Table (4
...
Hence, the most significant features according to class 1 will be selected
...
4 Fitness Function
Intrusion Detection System was used to protect the system against malicious
activities
...
Steady State Genetic Algorithm can't be done without the selection process
which depends mainly on fitness value that obtained using Fitness Function
...
Hence, Fitness Function
must take two points in its consideration:
First: the reward must be as more as the chromosome's strength
...
Hence, this research suggested Reward-Penality based Fitness Function
...
Each category record was compared to the whole data
...
To understand the reason of creating column A, and column AB, suppose there
are 5 features for DoS category, each feature's value should be in a specific range or
equal to a specific value in order to evaluate the record as DoS, but in such cases, the
five features got the same values as a record in DoS but still not DoS because of a
specific value of one or more of the hidden features
...
Else, if the condition of the selected record is equal to the condition of the
45
compared record but the actions of both records don't meet each other, then the value of
column A of the selected record will increase by one
...
1)
Where:
X = the maximum value of AB in the population
...
Now, let us discuss the content of the function:
(AB/(AB+A)) gives the rate of the AB value in proportion to the sum of AB and A
values, the resulted value will reflect the strength of the record
...
To obtain the importance and strength of the record, one can subtract the
weakness value from the strength value by calculating ((AB-A)/(AB+A)) as in the
function above
...
10) : Similar Fitness Values
But, in such cases the resulted value will not be accurate because it will deal
with record1 and record2 as the same strength, whereas it is clear that record2 is
stronger than record1 because of the value of AB, so the function should be supported
with other positive and negative values to apply policy of Reward and Penality to the
records as following:
46
AB/X: gives the rate which reflects the strength of the record depending on the
strongest record in the population, the resulted value will be equal to Zero in the worst
case (If AB value = 0) and will be equal to One in the best case if the AB value of that
record is the highest AB value in the population, so it logically should be added to the
function to reward the record
...
Now, assume that the record with the best case, so AB value of that record is the
highest AB value in the AB column, and A value is equal to Zero, this means that
Fitness = 2, on the other hand, assume that the record with the worst case, so A value of
that record is the highest A value in the A column, and AB value is equal to Zero, this
means that fitness = -2 , but the fitness value provided by the Fitness Function must
assign a non-negative cost to each candidate (Bottaci, 2001), so the constant value of 2
will be added to the function to make the fitness value equal to 0 in the worst case, and
fitness value equal to 4 in the best case, in this manner, the fitness value will be positive
and in the interval [0,4] at any case
...
47
4
...
1 Fitness Results
The following table is from the real data set, the table contents of column A and
column AB are filled according to the comparison process described above with a
simple population of 4 records for each category, whereas the contents of the column
Fitness is calculated using suggested Fitness Function
...
143
3
...
246
0
...
985
3
...
049
1
...
002
1
...
000
3
...
016
2
...
006
3
...
000
3
...
501
1
...
11): Real Data
4
...
2 Discussion of Fitness Results
Now, Observe that the normal record with AB = 3 is fitter than the normal
record with A=1 in the case of A=0 in both records
...
48
Observe the best case Probe record with fitness value = 4 that means constant
number (2) + 1 (because A value = 0) + 1 (Because AB is the greatest AB value in the
population)
...
Observe that U2R record with A = 818 and AB = 3 is fitter than U2R record
with A=10 and AB = 1, because the maximum value of A is very high, and the
maximum value of AB is very low, in these cases the Reward and Penality issue affect
the fitness value obviously
...
4
...
If the fitness value of the rule X is greater than the fitness value of the rule Y
according to the first Fitness Function, then the fitness value of the rule X also is greater
than the fitness value of the rule Y according to the second Fitness Function
...
2)
(4
...
To say
that the new Fitness Function is getting a good result, the values of R1 and R2 must be
close to each other
...
4)
Where:
Support: indicates the recurrence of AB within all the rules in the population
...
t1and t2 were used as thresholds to balance between support value and confidence
value, assume that (t1 = 0
...
9843)
...
5)
Where,
N: the number of records in the population
...
50
4
...
4 Comparing Results
The system has been built for a population of 68 records of R2L attack
...
Fitness Value 1 and R1 are related to the Reward-Penality based Fitness
Function, whereas Fitness Value 2 and R2 are related to the Support-Confidence
Framework Fitness Function
...
Val
...
Val 2
R1
R2
180930
11
0
...
004
0
...
004
0
1
3
...
985
0
...
961
0
51
3
...
004
0
...
979
0
2
3
...
985
0
...
961
0
4
3
...
986
0
...
962
0
3
3
...
985
0
...
962
0
4
3
...
986
0
...
962
0
6
3
...
987
0
...
963
0
16
3
...
990
0
...
966
0
37
3
...
998
0
...
974
0
91
3
...
019
0
...
994
107
3
...
025
1
...
000
0
Table (4
...
Finally, the result of
R3 was calculated using equation (4
...
0001)
...
5 Tracing the Selection process:
This section will present the tracing of many types of Steady State Genetic
Algorithm Selection process
...
The tracing results suppose that there are two populations with size
8
...
Chromosome ID
Fitness Value
1
1
...
163
3
1
4
1
...
167
6
1
...
167
8
3
...
167
10
3
...
333
12
3
...
167
14
3
...
167
16
2
...
13): ID and fitness value for U2R chromosomes
The data is divided into two populations
...
Those values can be achieved using the following equations:
52
Sum Fitness (Sf), Average Fitness (Af) and Sum Expected Fitness Value (SumEf), as
represented in the equations (2
...
7, 2
...
4
...
1 Trace with Roulette Wheel Selection
Here, there is a randomly generated number, then Sum Expected Fitness value
(SumEf) calculation will be applied continuously until reaching to the record that makes
the (SumEf) value greater than the generated number, then that record considered as the
selected individual using RWS
...
14) below, shows the tracing of generated random number and the
selected individual corresponding to the generated number
...
Selected Individual
1
6
7
2
5
7
3
1
2
4
4
6
5
6
7
6
5
7
7
1
2
8
4
6
9
0
...
999
14
11
4
12
12
0
...
999
14
14
6
...
999
13
16
7
...
14): Generated random numbers with selected individual
53
According to the selected individual, Table (4
...
167
7
3
...
163
6
1
...
167
7
3
...
163
6
1
...
167
14
3
...
333
9
3
...
167
15
3
...
167
15
3
...
15): Prepared population with RWS
4
...
2 Trace with Elitism Selection
This type of selection will arrange the population records in decreasing order
according to their Fitness Values
...
16) shows the result of Elitism Selection
...
167
7
3
...
167
6
1
...
348
1
1
...
163
3
1
11
3
...
333
10
3
...
167
13
3
...
167
15
3
...
333
Table (4
...
5
...
The new fitness values calculated
for the records using the equation (2
...
17) shows the result of ranking selection:
55
ID
Fitness Value
Rank
Max
Min
New Fitness Value
5
3
...
71
0
...
29
7
3
...
53
0
...
62
8
3
...
58
0
...
75
6
1
...
29
0
...
95
4
1
...
3
0
...
04
1
1
...
77
0
...
33
2
1
...
01
0
...
007
3
1
1
1
...
24
1
...
333
8
1
...
13
0
...
333
7
1
...
94
0
...
267
6
1
...
05
0
...
167
5
1
...
64
0
...
167
4
1
...
48
1
...
167
3
1
...
23
1
...
167
2
1
...
95
1
...
333
1
1
...
41
1
...
17): The values of rank and new fitness values for each record using rank selection
After calculating the fitness values, RWS selection will be applied to get the
selected individual
...
18) shows the result of RWS applied on the new fitness
values
...
03
4
5
3
...
07
2
7
4
...
59
2
9
19
...
95
11
11
9
...
90
9
13
26
15
14
0
...
86
12
16
3
...
18): The selected individual after applying RWS over the new fitness values
4
...
4 Trace with Stochastic Universal Sampling (SUS):
The idea of this type of selection is to select individuals at specific points
...
The record fitness value affects the Selection of the
individual
...
19) shows the result of selected individual and their fitness values:
57
Counter
Selected individual ID
Selected individual Fitness Value
1
1
1
...
163
3
4
1
...
167
5
6
1
...
167
7
7
3
...
167
9
9
3
...
167
11
10
3
...
333
13
12
3
...
167
15
14
3
...
167
Table (4
...
5
...
Finally, choose the record with the
highest fitness values records
...
20)
shows the result of randomly chosen numbers, the selected individuals
corresponding to the random numbers and the selected record
...
20): Selected individuals using Tournament Selection
Table (4
...
59
#
RWS
Elitism
Ranking
SUS
Tournament
1
7
5
3
1
7
2
7
7
6
2
5
3
2
8
6
4
7
4
6
6
4
5
5
5
7
4
6
6
7
6
7
1
2
7
5
7
2
2
6
7
8
8
6
3
3
8
6
9
9
11
14
9
14
10
14
12
11
9
13
11
12
10
10
10
12
12
9
9
9
11
14
13
14
13
16
12
9
14
15
14
11
13
12
15
13
15
12
14
12
16
15
16
12
14
11
Table (4
...
Notice that there aren't two
Selection types have the same chromosomes arrangement; this note will be helpful in
the next section
...
6 Comparing between Selection and Crossover types
...
4; the Steady State Genetic Algorithm has many
stages
...
But when applying the algorithm for each stage, just
one type can be taken to get the result
...
It will determine the Selection type and Crossover type that gives the
best result when they combined together within Steady State Genetic Algorithm
...
6
...
The detection system with Steady State Genetic Algorithm has been built
...
22): The parameters used in the system
The Steady State Genetic algorithm was applied with Roulette Wheel Selection
and Single Point Crossover in the first trial, and then applied with Roulette Wheel
Selection and Two Points Crossover in the second trial
...
61
The results are observed for each trial in the 10th generation and 15th generation to
ensure the judgment
...
6
...
After applying the GA with many generations, the following results have been gotten:
Choice
Selection
Crossover
After 10 Generations
After 15 Generations
# of records
DR
# of records
DR
1
RWS
One Point
94
0
...
53
2
RWS
Two Points
117
0
...
53
3
RWS
Uniform
112
0
...
4
4
Elitism
One Point
98
0
...
4
5
Elitism
Two Points
125
0
...
53
6
Elitism
Uniform
137
0
...
53
7
Ranking
One Point
87
0
...
46
8
Ranking
Two Points
91
0
...
53
9
Ranking
Uniform
110
0
...
53
10
SUS
One Point
98
0
...
40
11
SUS
Two Points
125
0
...
46
12
SUS
Uniform
137
0
...
53
13
Tournament
One Point
79
0
...
46
14
Tournament
Two Points
110
0
...
46
15
Tournament
Uniform
117
0
...
46
Table (4
...
Some are bad and some are good
...
So SSGA will
62
discover all the hidden rules but the process will vary from choice to choice in the term
of number of generations to discover the rules and the time consuming in discovering
rules, Because the time consuming will be as high as the number of generations
increase
...
2- For each Selection process, the Uniform Crossover produced better results than
Two Points Crossover
...
But
Roulette Wheel Selection with Uniform Crossover (Choice 3) produced worse
results than Tournament Selection with Uniform Crossover (Choice 15)
...
4
...
Intrusion Detection System has been built, and Steady State Genetic Algorithm
has been used to support the system
...
1) and FPR
was calculated using equation (2
...
Both values where calculated for each type of
attack
...
If
DR approaches to 100%, it means that system has a good DR
...
After system execution, the execution gave
the following results
...
03%
0
...
37%
0
...
24): Results of system DR and FPR
4
...
This part will compare thesis results with other results; the criteria are Average
of the DR and Average of the FPR
...
9%
...
Stewart, (2009) found that the
average of DR is equal to 79
...
Al-sharafat (2009) found that the average FPR equal 0
...
69%, which is worse than the results of this research
...
The comparison is clear in Table
(4
...
29%
Alsharafat
98
...
094%
Stewart
79
...
69%
Table (4
...
4
...
The first method
is Reward Penality based Fitness Function, which is completely new
...
This thesis has got a high DR, and a low FPR
...
297%
...
The internal
comparison is between Selection methods and Crossover operators, which help the
model in choosing the best choice which performs better
...
65
Chapter Five
Conclusion and Future Work
5
...
The main
goal of this research is to enhance the SSGA for misuse NIDS in order to increase DR
and decrease FPR
...
KDD Cup 99 has a huge amount of records, each record has 42 features
...
IDS tried to use the
results of each research to determine the suitable research result
...
Different Selection methods and Crossover types was combined together and
tested
...
The results of comparing between Selection and Crossover type are similar
when using some types, the tracing helps in ensuring that different selection types have
different arrangement of the records
...
297%
...
The comparison results show that this
research is accepted
...
2 Future Work
The proposed model for Intrusion Detection System has been built and
supported with Steady State Genetic Algorithm
...
1- Additional researches needed to find the DR and FPR for Normal behavior
...
i
...
Binary Tournament Replacement and Triple Tournament
Replacement
...
4- There is a need to build an Intrusion Detection System which depends on the hybrid
of Anomaly and Misuse analysis
...
6- The research should be applied on another type of attacks
...
67
References
Adewumi, A
...
(2010)
...
(master thesis)
...
Johannesburg
...
Available at:
http://wiredspace
...
ac
...
pdf?sequence=6
Agravat,M
...
(2011)
...
First international conference on computer science ,
engineering and application (CCSEA)
...
Available at: http://airccj
...
Alabsi,F
...
(2012) "Fitness Function for Genetic Algorithm used in
Intrusion Detection System"
...
Vol(2)
...
PP (129-134), available at:
http://www
...
com/journals/Vol_2_No_4_April_2012/17
...
Naoum,R
...
Development of genetic-based machine learning
for Network Intrusion Detection
...
Available at:
http://www
...
org/journals/waset/v55/v55-5
...
Development of genetic-based machine learning
algorithm for network intrusion detection (gbml-nid)
...
Berlanga
...
J
...
M
...
, Gatco
...
J
...
F
...
From:
http://sci2s
...
es/docencia/doctoMineriaDatos/Ber06-ICAIS
...
,2001, A Genetic Algorithm Fitness Function for mutation testing
presented at SEMINAL 2001, International workshop on software engineering using
Metaheuristic Innovative algorithm, a workshop at 23-rd Int
...
From:
http://www2
...
ac
...
Chinneck,J
...
(2006)
...
Canada
...
Available at:
http://www
...
carleton
...
68
Chou,T
...
Yen,K
...
Luo,J
...
"Network Intrusion Detection Design Using
Feature Selection of Soft Computing Paradigms"
...
No (47)
...
Cleary, B
...
“Problems with crossover bias for binary string representations in
genetic algorithms”
...
Californai state university
...
Californa
...
Das, V
...
Sharma, S
...
Srikanth, M
...
(2010)
...
International
Journal of Computer Science and Information Technology (IJCSIT)
...
No
(6)
...
Available at: http://airccse
...
Deb, K
...
PP
...
Diaz-Gomez,P
...
(2006)
...
15th international conference on computing
...
Available at: http://www
...
edu/~pdiazgo/diazp-Misuse
...
Hougen,D
...
Misuse Detection: An Iterative Process vs
...
On proceeding International Conference on
Enterprise Information Systems(2)
...
ou
...
A
...
Garcia-Teodoro, P
...
Macia-Fernandoz, G
...
(2009)
...
ScienceDirect
...
Pages 18-28
...
ugr
...
Ghali,N
...
Feature selection for effective anomaly based intrusion detection
...
Available at:
http://paper
...
org/07_book/200903/20090339
...
Abdul Mukit, M
...
(2012)
...
International Journal of Network
Security & its Applications
...
No(2)
...
Information Assurance Technology Analysis Center (IATAC)
...
Intrusion
Detection System
...
USA
...
Anomaly network intrusion detection system
based on distributed time-delay neural network (DTDNN)
...
Vol (5)
...
Pages 457-471
...
taylors
...
my/Vol%205%20Issue%204%20December%2010/Vol_5_4
_457_471_L
...
%20Ibrahim
...
Fuller,D
...
(2005)
...
Available at:
http://www
...
iastate
...
Khan, S
...
"Rule based Network Intrusion Detection using Genetic
Algorithm"
...
Vol (18)
...
PP (2629)
...
(2003)
...
nmt
...
pdf Viewed at: 13-Dec-2011
...
, Husian, M
...
, Gupta, D
...
Genetic algorithm: review
and application
...
Vol (2)
...
Page 451
...
csjournals
...
Mukkamala, S
...
, Abrham, A
...
rmltech
...
Naoum, R
...
, Al-Sultani,Z
...
"An Enhanced Resilient Back
propagation Artificial Neural Network for Intrusion Detection System"
...
Vol(12)
...
PP (11-16)
...
(2010)
...
(Doctorate Dissertation)
...
Montana
...
Available at: http://www
...
montana
...
Scarfone, K
...
(2007)
...
National Institute of Standards and Technology
...
Available at: http://csrc
...
gov/publications/nistpubs/800-94/SP80094
...
, Stidsen, T
...
Hybird systems:genetic algorithms,neural networks
and fuzzy logic, DAIMI IR
Selvakani,S
...
S
...
Genetic algorithm for framing rules for intrusion
detection
...
Available at:
http://paper
...
org/07_book/200711/20071144
...
(2009)
...
(master thesis)
...
Ontario
...
Available at:
http://qspace
...
queensu
...
Sung, A
...
(2003), "Feature Selection for Intrusion Detection using
Neural Networks and Support Vector Machines", To appear in Journal of the
Transportation Research Board (of the National Academies)
...
ltrc
...
edu/TRB_82/TRB2003-002459
...
, Bagheri,E
...
, Ghorbani,A
...
A detailed analysis of the
KDD Cup 99 data set
...
Available at:
http://www
...
com/publications/CISDA
...
, Anand, K
...
, Swaraj, S
...
(2012)
...
International Journal for
Computer Science and Technology
...
Issue (1)
...
Zainal, A
...
, Shamsuddin, S
...
, (Sept – 2008)"Ensemble of
One-class Classifier for Network Intrusion Detection System", Fourth International
Conference on Information Assurance and Security (ISIAS '08)
...
Available at: http://www
...
net/ias08_1
...
Fill(ds, "normal")
daprobe
...
Fill(ds, "dos")
dau2r
...
Fill(ds, "r2l")
datest
...
Tables("KDDtest$")
...
Count
NoRowsTableNormal = ds
...
Rows
...
Tables("Probe")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("U2R")
...
Count
NoRowsTableR2L = ds
...
Rows
...
Tables("KDDtest$")
...
Item(5)
n6 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(10)
n13 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(40)
Dim normalcounter As Integer
For normalcounter = 0 To NoRowsTableNormal - 1
If ds
...
Rows(normalcounter)
...
Tables("Normal")
...
Item(2) = n6 Then
If ds
...
Rows(normalcounter)
...
Tables("Normal")
...
Item(4) = n13 Then
If ds
...
Rows(normalcounter)
...
Tables("KDDtest$")
...
Item(42) = "normal
...
Text = Val(TxtNormal4Count
...
Text = Val(TxtNotNormal4Count
...
Tables("KDDtest$")
...
Item(3)
p12 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(27)
72
-
-
-
p31 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(35)
Dim ProbeCounter As Integer
For ProbeCounter = 0 To NoRowsTableProbe - 1
If ds
...
Rows(ProbeCounter)
...
Tables("Probe")
...
Item(2) = p12 Then
If ds
...
Rows(ProbeCounter)
...
Tables("Probe")
...
Item(4) = p31 Then
If ds
...
Rows(ProbeCounter)
...
Tables("KDDtest$")
...
Item(42)
= "ipsweep
...
Tables("KDDtest$")
...
Item(42) = "nmap
...
Tables("KDDtest$")
...
Item(42) = "portsweep
...
Tables("KDDtest$")
...
Item(42) = "satan
...
Text = Val(TxtProbe4Count
...
Text = Val(TxtNotProbe4Count
...
Tables("KDDtest$")
...
Item(7)
d8 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(12)
d13 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(23)
Dim DosCounter As Integer
For DosCounter = 0 To NoRowsTableDos - 1
If ds
...
Rows(DosCounter)
...
Tables("Dos")
...
Item(2) = d8 Then
If ds
...
Rows(DosCounter)
...
Tables("Dos")
...
Item(4) = d13 Then
If ds
...
Rows(DosCounter)
...
Tables("KDDtest$")
...
Item(42)
= "back
...
Tables("KDDtest$")
...
Item(42) = "land
...
Tables("KDDtest$")
...
Item(42) = "neptune
...
Tables("KDDtest$")
...
Item(42) = "pod
...
Tables("KDDtest$")
...
Item(42) = "smurf
...
Tables("KDDtest$")
...
Item(42) = "teardrop
...
Text = Val(TxtDos4Count
...
Text = Val(TxtNotDos4Count
...
Tables("KDDtest$")
...
Item(14)
ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(25)
ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(38)
Dim U2RCounter As Integer
For U2RCounter = 0 To NoRowsTableU2R - 1
If ds
...
Rows(U2RCounter)
...
Tables("U2R")
...
Item(2) = u17 Then
If ds
...
Rows(U2RCounter)
...
Tables("U2R")
...
Item(4) = u38 Then
If ds
...
Rows(U2RCounter)
...
Tables("KDDtest$")
...
Item(42)
= "buffer_overflow
...
Tables("KDDtest$")
...
Item(42) = "loadmodule
...
Tables("KDDtest$")
...
Item(42) = "perl
...
Tables("KDDtest$")
...
Item(42) = "rootkit
...
Text = Val(TxtU2R4Count
...
Text = Val(TxtNotU2R4Count
...
Tables("KDDtest$")
...
Item(6)
r11 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(12)
r19 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(22)
-
Dim R2LCounter As Integer
For R2LCounter = 0 To NoRowsTableR2L - 1
If ds
...
Rows(R2LCounter)
...
Tables("R2L")
...
Item(2) = r11 Then
If ds
...
Rows(R2LCounter)
...
Tables("R2L")
...
Item(4) = r19 Then
If ds
...
Rows(R2LCounter)
...
Tables("KDDtest$")
...
Item(42)
= "ftp_write
...
Tables("KDDtest$")
...
Item(42) = "guess_passwd
...
Tables("KDDtest$")
...
Item(42) = "imap
...
Tables("KDDtest$")
...
Item(42) = "multihop
...
Tables("KDDtest$")
...
Item(42) = "phf
...
Tables("KDDtest$")
...
Item(42) = "spy
...
Tables("KDDtest$")
...
Item(42) = "warezclient
...
Tables("KDDtest$")
...
Item(42) = "warezmaster
...
Text = Val(TxtR2L4Count
...
Text = Val(TxtNotR2L4Count
...
-
Private CSTrain As New SqlConnection("Data Source=MO3ATH-PC;Initial
Catalog=master;Integrated Security=True")
Private datrain As New SqlDataAdapter("Select * from kddcup$", CSTrain)
Private dos As New SqlConnection("Data Source=MO3ATH-PC;Initial Catalog=S-DoS;Integrated
Security=True")
Private u2r As New SqlConnection("Data Source=MO3ATH-PC;Initial Catalog=S-U2R;Integrated
Security=True")
Private r2l As New SqlConnection("Data Source=MO3ATH-PC;Initial Catalog=S-R2L;Integrated
Security=True")
Private probe As New SqlConnection("Data Source=MO3ATH-PC;Initial Catalog=SProbe;Integrated Security=True")
-
Private Sub Button21_Click(ByVal sender As System
...
EventArgs)
Handles Button21
...
Fill(ds, "buffer_overflow")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableU2R = ds
...
Rows
...
Tables("buffer_overflow")
...
Item(1)
u17 = ds
...
Rows(Attack)
...
Tables("buffer_overflow")
...
Item(3)
u38 = ds
...
Rows(Attack)
...
Tables("buffer_overflow")
...
Item(5)
uA = ds
...
Rows(Attack)
...
Tables("buffer_overflow")
...
Item(7)
uid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(13) Then
If u17 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(24) Then
If u38 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(35) Then
If ds
...
Rows(KddCounter)
...
" Then
uAB = uAB + 1
Else
uA = uA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updateu2r1"
Try
u2r
...
ExecuteNonQuery()
Catch ex As Exception
End Try
u2r
...
Text = "Done"
End Sub
Private Sub Button20_Click(ByVal sender As System
...
EventArgs) Handles Button20
...
Fill(ds, "rootkit")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableU2R = ds
...
Rows
...
Tables("rootkit")
...
Item(1)
u17 = ds
...
Rows(Attack)
...
Tables("rootkit")
...
Item(3)
u38 = ds
...
Rows(Attack)
...
Tables("rootkit")
...
Item(5)
uA = ds
...
Rows(Attack)
...
Tables("rootkit")
...
Item(7)
uid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(13) Then
If u17 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(24) Then
If u38 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(35) Then
If ds
...
Rows(KddCounter)
...
" Then
uAB = uAB + 1
Else
uA = uA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updateu2r2"
Try
u2r
...
ExecuteNonQuery()
Catch ex As Exception
End Try
u2r
...
Text = "Done"
End Sub
Private Sub Button22_Click(ByVal sender As System
...
EventArgs) Handles Button22
...
Fill(ds, "phf")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableR2L = ds
...
Rows
...
Tables("phf")
...
Item(1)
r11 = ds
...
Rows(Attack)
...
Tables("phf")
...
Item(3)
r19 = ds
...
Rows(Attack)
...
Tables("phf")
...
Item(5)
rA = ds
...
Rows(Attack)
...
Tables("phf")
...
Item(7)
rid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(5) Then
If r11 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If r19 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(21) Then
If ds
...
Rows(KddCounter)
...
" Then
rAB = rAB + 1
Else
rA = rA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updater2l"
Try
r2l
...
ExecuteNonQuery()
Catch ex As Exception
End Try
r2l
...
Text = "Done"
End Sub
Private Sub Button5_Click_1(ByVal sender As System
...
EventArgs) Handles Button5
...
Fill(ds, "ipsweep")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableProbe = ds
...
Rows
...
Tables("ipsweep")
...
Item(1)
p12 = ds
...
Rows(Attack)
...
Tables("ipsweep")
...
Item(3)
p31 = ds
...
Rows(Attack)
...
Tables("ipsweep")
...
Item(5)
pA = ds
...
Rows(Attack)
...
Tables("ipsweep")
...
Item(7)
pid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(2) Then
If p12 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(26) Then
If p31 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(34) Then
If ds
...
Rows(KddCounter)
...
" Then
pAB = pAB + 1
Else
pA = pA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updateprobe1"
Try
probe
...
ExecuteNonQuery()
Catch ex As Exception
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button2_Click_1(ByVal sender As System
...
EventArgs) Handles Button2
...
Fill(ds, "portsweep")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableProbe = ds
...
Rows
...
Tables("portsweep")
...
Item(1)
p12 = ds
...
Rows(Attack)
...
Tables("portsweep")
...
Item(3)
p31 = ds
...
Rows(Attack)
...
Tables("portsweep")
...
Item(5)
pA = ds
...
Rows(Attack)
...
Tables("portsweep")
...
Item(7)
pid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(2) Then
If p12 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(26) Then
If p31 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(34) Then
If ds
...
Rows(KddCounter)
...
" Then
pAB = pAB + 1
Else
pA = pA + 1
78
-
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updateprobe2"
Try
probe
...
ExecuteNonQuery()
Catch ex As Exception
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button1_Click_1(ByVal sender As System
...
EventArgs) Handles Button1
...
Fill(ds, "satan")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableProbe = ds
...
Rows
...
Tables("satan")
...
Item(1)
p12 = ds
...
Rows(Attack)
...
Tables("satan")
...
Item(3)
p31 = ds
...
Rows(Attack)
...
Tables("satan")
...
Item(5)
pA = ds
...
Rows(Attack)
...
Tables("satan")
...
Item(7)
pid = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(2) Then
If p12 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(26) Then
If p31 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(34) Then
If ds
...
Rows(KddCounter)
...
" Then
pAB = pAB + 1
Else
pA = pA + 1
End If
End If
End If
End If
End If
79
-
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updateprobe3"
Try
probe
...
ExecuteNonQuery()
Catch ex As Exception
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button19_Click(ByVal sender As System
...
EventArgs) Handles Button19
...
Fill(ds, "back")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("back")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("back")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("back")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("back")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos1"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button18_Click(ByVal sender As System
...
EventArgs) Handles Button18
...
Fill(ds, "land")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("land")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("land")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("land")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("land")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos2"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button17_Click(ByVal sender As System
...
EventArgs) Handles Button17
...
Fill(ds, "neptune")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("neptune")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("neptune")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("neptune")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("neptune")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos3"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button16_Click(ByVal sender As System
...
EventArgs) Handles Button16
...
Fill(ds, "pod")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("pod")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("pod")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("pod")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("pod")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos4"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button15_Click(ByVal sender As System
...
EventArgs) Handles Button15
...
Fill(ds, "smurf")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("smurf")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("smurf")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("smurf")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("smurf")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos5"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button6_Click_1(ByVal sender As System
...
EventArgs) Handles Button6
...
Fill(ds, "teardrop")
datrain
...
Tables("kddcup$")
...
Count
NoRowsTableDos = ds
...
Rows
...
Tables("teardrop")
...
Item(1)
d8 = ds
...
Rows(Attack)
...
Tables("teardrop")
...
Item(3)
d13 = ds
...
Rows(Attack)
...
Tables("teardrop")
...
Item(5)
dA = ds
...
Rows(Attack)
...
Tables("teardrop")
...
Item(7)
did = ds
...
Rows(Attack)
...
Tables("kddcup$")
...
Item(6) Then
If d8 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(11) Then
If d13 = ds
...
Rows(KddCounter)
...
Tables("kddcup$")
...
Item(22) Then
If ds
...
Rows(KddCounter)
...
" Then
dAB = dAB + 1
Else
dA = dA + 1
End If
End If
End If
End If
End If
End If
Next
Dim Ocmd As New Data
...
SqlCommand
Ocmd
...
StoredProcedure
Ocmd
...
Parameters
...
Parameters
...
Parameters
...
CommandText = "updatedos6"
Try
dos
...
ExecuteNonQuery()
Catch ex As Exception
End Try
dos
...
Text = "Done"
End Sub
Code for calculating Fitness Function
Private Sub Button21_Click(ByVal sender As System
...
EventArgs) Handles
Button21
...
Fill(ds, "buffer_overflow")
Dim uA, uAB, uid As Integer
Dim uFitnessValue As Double
Dim NoRowsTableU2R As Integer
NoRowsTableU2R = ds
...
Rows
...
Tables("buffer_overflow")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("buffer_overflow")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("buffer_overflow")
...
Item(6)
uAB = ds
...
Rows(y)
...
Tables("buffer_overflow")
...
Item(8)
uFitnessValue = 2 + ((uAB - uA) / (uA + uAB)) + uAB / maxAB - uA / maxA
uFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = u2r
Ocmd
...
AddWithValue("@id", uid)
Ocmd
...
AddWithValue("@FitnessValue", uFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
u2r
...
Text = "Done"
End Sub
Private Sub Button20_Click(ByVal sender As System
...
EventArgs)
Handles Button20
...
Fill(ds, "rootkit")
Dim uA, uAB, uid As Integer
Dim uFitnessValue As Double
Dim NoRowsTableU2R As Integer
NoRowsTableU2R = ds
...
Rows
...
Tables("rootkit")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("rootkit")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("rootkit")
...
Item(6)
uAB = ds
...
Rows(y)
...
Tables("rootkit")
...
Item(8)
uFitnessValue = 2 + ((uAB - uA) / (uA + uAB)) + uAB / maxAB - uA / maxA
uFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = u2r
Ocmd
...
AddWithValue("@id", uid)
Ocmd
...
AddWithValue("@FitnessValue", uFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
u2r
...
Text = "Done"
End Sub
Private Sub Button22_Click(ByVal sender As System
...
EventArgs)
Handles Button22
...
Fill(ds, "phf")
Dim rA, rAB, rid As Integer
Dim rFitnessValue As Double
Dim NoRowsTableR2L As Integer
NoRowsTableR2L = ds
...
Rows
...
Tables("phf")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("phf")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("phf")
...
Item(6)
rAB = ds
...
Rows(y)
...
Tables("phf")
...
Item(8)
rFitnessValue = 2 + ((rAB - rA) / (rA + rAB)) + rAB / maxAB - rA / maxA
rFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = r2l
Ocmd
...
AddWithValue("@id", rid)
Ocmd
...
AddWithValue("@FitnessValue", rFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
r2l
...
Text = "Done"
End Sub
Private Sub Button5_Click_1(ByVal sender As System
...
EventArgs)
Handles Button5
...
Fill(ds, "ipsweep")
Dim pA, pAB, pid As Integer
Dim pFitnessValue As Double
Dim NoRowsTableprobe As Integer
NoRowsTableprobe = ds
...
Rows
...
Tables("ipsweep")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("ipsweep")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("ipsweep")
...
Item(6)
pAB = ds
...
Rows(y)
...
Tables("ipsweep")
...
Item(8)
pFitnessValue = 2 + ((pAB - pA) / (pA + pAB)) + pAB / maxAB - pA / maxA
pFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = probe
Ocmd
...
AddWithValue("@id", pid)
Ocmd
...
AddWithValue("@FitnessValue", pFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button2_Click_1(ByVal sender As System
...
EventArgs)
Handles Button2
...
Fill(ds, "portsweep")
Dim pA, pAB, pid As Integer
Dim pFitnessValue As Double
Dim NoRowsTableprobe As Integer
NoRowsTableprobe = ds
...
Rows
...
Tables("portsweep")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("portsweep")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("portsweep")
...
Item(6)
pAB = ds
...
Rows(y)
...
Tables("portsweep")
...
Item(8)
pFitnessValue = 2 + ((pAB - pA) / (pA + pAB)) + pAB / maxAB - pA / maxA
pFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = probe
Ocmd
...
AddWithValue("@id", pid)
Ocmd
...
AddWithValue("@FitnessValue", pFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
88
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button1_Click_1(ByVal sender As System
...
EventArgs)
Handles Button1
...
Fill(ds, "satan")
Dim pA, pAB, pid As Integer
Dim pFitnessValue As Double
Dim NoRowsTableprobe As Integer
NoRowsTableprobe = ds
...
Rows
...
Tables("satan")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("satan")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("satan")
...
Item(6)
pAB = ds
...
Rows(y)
...
Tables("satan")
...
Item(8)
pFitnessValue = 2 + ((pAB - pA) / (pA + pAB)) + pAB / maxAB - pA / maxA
pFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = probe
Ocmd
...
AddWithValue("@id", pid)
Ocmd
...
AddWithValue("@FitnessValue", pFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
probe
...
Text = "Done"
End Sub
Private Sub Button19_Click(ByVal sender As System
...
EventArgs)
Handles Button19
...
Fill(ds, "back")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("back")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("back")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("back")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("back")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button18_Click(ByVal sender As System
...
EventArgs)
Handles Button18
...
Fill(ds, "land")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("land")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("land")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("land")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("land")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button17_Click(ByVal sender As System
...
EventArgs)
Handles Button17
...
Fill(ds, "neptune")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("neptune")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("neptune")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("neptune")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("neptune")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button16_Click(ByVal sender As System
...
EventArgs)
Handles Button16
...
Fill(ds, "pod")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("pod")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("pod")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("pod")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("pod")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button15_Click(ByVal sender As System
...
EventArgs)
Handles Button15
...
Fill(ds, "smurf")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("smurf")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("smurf")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("smurf")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("smurf")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
92
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
Private Sub Button6_Click_1(ByVal sender As System
...
EventArgs)
Handles Button6
...
Fill(ds, "teardrop")
Dim dosA, dosAB, dosid As Integer
Dim dosFitnessValue As Double
Dim NoRowsTabledos As Integer
NoRowsTabledos = ds
...
Rows
...
Tables("teardrop")
...
Item(6) > maxA Then
maxA = ds
...
Rows(j)
...
Tables("teardrop")
...
Item(7) > maxAB Then
maxAB = ds
...
Rows(j)
...
Tables("teardrop")
...
Item(6)
dosAB = ds
...
Rows(y)
...
Tables("teardrop")
...
Item(8)
dosFitnessValue = 2 + ((dosAB - dosA) / (dosA + dosAB)) + dosAB / maxAB - dosA / maxA
dosFitnessValue = Double
...
ToString("#0
...
SqlClient
...
CommandType = CommandType
...
Connection = dos
Ocmd
...
AddWithValue("@id", dosid)
Ocmd
...
AddWithValue("@FitnessValue", dosFitnessValue)
Ocmd
...
Open()
Ocmd
...
Message)
End Try
dos
...
Text = "Done"
End Sub
-
Code for using Steady State Genetic Algorithm
-
Public Class Form1
Private U2R As New SqlConnection("Data Source=MO3ATH-PC;Initial Catalog=SU2R;Integrated Security=True")
Private CSTrain As New SqlConnection("Data Source=MO3ATH-PC;Initial
Catalog=master;Integrated Security=True")
Private datrain As New SqlDataAdapter("Select * from kddcup$", CSTrain)
-
Dim
Dim
Dim
Dim
Dim
ds As New DataSet
NoRowsTableU2R_initial As Integer
NoRowsTableU2R As Integer
FirstPopValue, FinalPopValue As Integer
GAParameter As String
93
-
Dim dau2r As New SqlDataAdapter("Select * from rootkit", U2R)
Dim steep1, steep2, steep3 As Integer
Private Sub Form1_Load(ByVal sender As System
...
EventArgs)
Handles MyBase
...
Fill(ds, "rootkit")
End Sub
Private Sub Button13_Click(ByVal sender As System
...
EventArgs) Handles Button13
...
SelectedItem = Nothing Then
MsgBox("Please Select Selection type")
Exit Sub
ElseIf CmbCrossover
...
SelectedItem = Nothing Then
MsgBox("Please Select Replacement type")
Exit Sub
ElseIf TxtPopSize
...
SelectedIndex = 0 Then
GAParameter = GAParameter & "1"
ElseIf CmbSelection
...
SelectedIndex = 2 Then
GAParameter = GAParameter & "3"
ElseIf CmbSelection
...
SelectedIndex = 4 Then
GAParameter = GAParameter & "5"
End If
' DataBase Definition
Dim NoRowsTableU2R As Integer
NoRowsTableU2R = ds
...
Rows
...
Tables("rootkit")
...
Count
TableNameu2r = "rootkit"
dau2r
...
Tables(TableNameu2r)
...
Count
Dim Generation As Integer
Generation = 1
Dim OldGeneration As Double(,) = New Double(NoRowsTableU2R, 11) {}
Dim LastGenerationNoRowsTabledos As Integer
LastGenerationNoRowsTabledos = 0
' ##### Start of GENERATION
##########################################
Do While LastGenerationNoRowsTabledos < NoRowsTableU2R 'And Generation <> 16
ds
...
Fill(ds, "kddcup$")
94
-
dau2r
...
Tables(TableNameu2r)
...
Count
Dim AllPopulation_Old As Double(,) = New Double(NoRowsTableU2R, 1) {}
Dim AllPopulation_New As Double(,) = New Double(NoRowsTableU2R, 1) {}
Dim CrossedPopulation As Double(,) = New Double(NoRowsTableU2R, 4) {}
Dim CurrentGeneration As Double(,) = New Double(NoRowsTableU2R, 11) {}
Dim SelectedGeneration As Double(,) = New Double(NoRowsTableU2R, 11) {}
For PopulationIndex = 0 To NoRowsTableU2R - 1 Step Val(TxtPopSize
...
Text) - 1
If NoRowsTableU2R < FinalPopValue Then
FinalPopValue = NoRowsTableU2R - 1
End If
If Generation = 1 Then
For PopIndex = 0 To NoRowsTableU2R - 1
OldGeneration(PopIndex, 0) = 0
OldGeneration(PopIndex, 1) = 0
OldGeneration(PopIndex, 2) = 0
OldGeneration(PopIndex, 3) = 0
OldGeneration(PopIndex, 4) = 0
OldGeneration(PopIndex, 5) = 0
OldGeneration(PopIndex, 6) = 0
OldGeneration(PopIndex, 7) = 0
OldGeneration(PopIndex, 8) = 0
OldGeneration(PopIndex, 9) = 0
OldGeneration(PopIndex, 10) = 0
OldGeneration(PopIndex, 11) = 0
Next
End If
' ##############################################
' Selection Process
If CmbSelection
...
Tables("rootkit")
...
Item(9)
Next
AverageFitness = SumFitness / (FinalPopValue - FirstPopValue + 1)
SumExpectedFitness = 0
For icount = FirstPopValue To FinalPopValue
SumExpectedFitness = SumExpectedFitness +
ds
...
Rows(icount)
...
Tables("rootkit")
...
Item(9) / AverageFitness
SumExpectedFitness1 = SumExpectedFitness1 + ExpectedFitness
SelectedIndividual = ds
...
Rows(j)
...
Tables("rootkit")
...
Item(8)
AllPopulation_New(icount, 1) = ds
...
Rows(SelectedIndividual - 1)
...
SelectedIndex = 1 Then
'Elitist Selection
'********************************************************
For icount1 = FirstPopValue To FinalPopValue
AllPopulation_New(icount1, 0) = ds
...
Rows(icount1)
...
Tables("rootkit")
...
Item(9)
Next
For icount2 = FirstPopValue To FinalPopValue
For icount3 = FirstPopValue To FinalPopValue - 1
If AllPopulation_New(icount3 + 1, 1) > AllPopulation_New(icount3, 1) Then
TempInt = AllPopulation_New(icount3 + 1, 0)
TempDouble = AllPopulation_New(icount3 + 1, 1)
95
-
AllPopulation_New(icount3 + 1, 0) = AllPopulation_New(icount3, 0)
AllPopulation_New(icount3 + 1, 1) = AllPopulation_New(icount3, 1)
AllPopulation_New(icount3, 0) = TempInt
AllPopulation_New(icount3, 1) = TempDouble
End If
Next
Next
'********************************************************
ElseIf CmbSelection
...
Tables("rootkit")
...
Item(8)
AllPopulation_New(icount1, 1) = ds
...
Rows(icount1)
...
1
End If
min = 2 - max
AllPopulation_FitnessRanked(PopIndex, 0) = AllPopulation_Ranked(PopIndex, 0)
AllPopulation_FitnessRanked(PopIndex, 1) = max - (max - min) *
((AllPopulation_Ranked(PopIndex, 1) - 1) / (Val(TxtPopSize
...
Tables("rootkit")
...
Item(9) /
AverageFitness
Next
For icount = FirstPopValue To FinalPopValue
RndNum = Int((Rnd() * 100)) Mod SumExpectedFitness
SumExpectedFitness1 = 0
j = FirstPopValue
While (j < FinalPopValue)
ExpectedFitness = ds
...
Rows(j)
...
SelectedIndex = 3 Then
' SUS
96
-
SumFitness = 0
For icount = FirstPopValue To FinalPopValue
SumFitness = SumFitness + ds
...
Rows(icount)
...
Text)
SumExpectedFitness = 0
j = FirstPopValue
While (j < FinalPopValue)
ExpectedFitness = ds
...
Rows(j)
...
Tables("rootkit")
...
Item(8)
If SumExpectedFitness > RndNum Then
Exit While
Else
j = j + 1
End If
End While
AllPopulation_New(icount, 0) = ds
...
Rows(j)
...
Tables("rootkit")
...
Item(9)
Next
' *******************************************
ElseIf CmbSelection
...
Tables("rootkit")
...
Item(9) >
ds
...
Rows(RndNum2 - 1)
...
Tables("rootkit")
...
Item(8)
AllPopulation_New(icount, 1) = ds
...
Rows(RndNum1 - 1)
...
Tables("rootkit")
...
Item(8)
AllPopulation_New(icount, 1) = ds
...
Rows(RndNum2 - 1)
...
SelectedIndex = 0 Then
GAParameter = GAParameter & "1"
For steep = 0 To NoRowsTableU2R - 1 Step 2
RndNum1 = Int((Rnd() * 100)) Mod Val(TxtPopSize
...
Tables("rootkit")
...
Item(1)
Cross21 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(2)
Cross22 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(2)
Cross22 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(3)
Cross23 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(3)
Cross23 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(4)
97
-
Cross24 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(4)
Cross24 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(5)
Cross25 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(5)
Cross25 = ds
...
Rows(steep + 1)
...
SelectedIndex = 1 Then
GAParameter = GAParameter & "2"
For steep = 0 To NoRowsTableU2R - 1 Step 2
RndNum1 = Int((Rnd() * 100)) Mod 2 + 1
Cross11 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(1)
If RndNum1 = 1 Then
Cross12 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(2)
Cross13 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(3)
Cross14 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(4)
Cross15 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(5)
ElseIf RndNum1 = 2 Then
Cross12 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(2)
Cross13 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(3)
Cross14 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(4)
Cross15 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(5)
End If
CrossedPopulation(steep, 0) = Cross11
CrossedPopulation(steep, 1) = Cross12
CrossedPopulation(steep, 2) = Cross13
CrossedPopulation(steep, 3) = Cross14
CrossedPopulation(steep, 4) = Cross15
CrossedPopulation(steep + 1, 0) = Cross21
CrossedPopulation(steep + 1, 1) = Cross22
CrossedPopulation(steep + 1, 2) = Cross23
CrossedPopulation(steep + 1, 3) = Cross24
CrossedPopulation(steep + 1, 4) = Cross25
Next
ElseIf CmbCrossover
...
Tables("rootkit")
...
Item(1)
98
-
Cross21 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(1)
Cross21 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(2)
Cross22 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(2)
Cross22 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(3)
Cross23 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(3)
Cross23 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(4)
Cross24 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(4)
Cross24 = ds
...
Rows(steep + 1)
...
Tables("rootkit")
...
Item(5)
Cross25 = ds
...
Rows(steep)
...
Tables("rootkit")
...
Item(5)
Cross25 = ds
...
Rows(steep + 1)
...
Tables("kddcup$")
...
Count
maxA = 0
maxAB = 0
For j = 0 To NoRowsTableU2R - 1
If ds
...
Rows(j)
...
Tables(TableNameu2r)
...
Item(6)
End If
If ds
...
Rows(j)
...
Tables(TableNameu2r)
...
Item(7)
End If
Next
Dim FitnessValue As Double
For Attack = 0 To NoRowsTableU2R - 1
dAB = 0
dA = 0
d7 = CrossedPopulation(Attack, 0)
d8 = CrossedPopulation(Attack, 1)
d12 = CrossedPopulation(Attack, 2)
d13 = CrossedPopulation(Attack, 3)
d23 = CrossedPopulation(Attack, 4)
For kddcounter = 0 To NoRowsTablekddcup - 1
If d7 = ds
...
Rows(kddcounter)
...
Tables("kddcup$")
...
Item(7) Then
If d12 = ds
...
Rows(kddcounter)
...
Tables("kddcup$")
...
Item(12)
If d23 = ds
...
Rows(kddcounter)
...
Tables("kddcup$")
...
Item(41) = "rootkit
...
5)
Else
FitnessValue = 2 + ((dAB - dA) / (dA + dAB)) + dAB / maxAB - dA / maxA
End If
CurrentGeneration(Attack, 0) = 0
CurrentGeneration(Attack, 1) = CrossedPopulation(Attack, 0)
CurrentGeneration(Attack, 2) = CrossedPopulation(Attack, 1)
CurrentGeneration(Attack, 3) = CrossedPopulation(Attack, 2)
CurrentGeneration(Attack, 4) = CrossedPopulation(Attack, 3)
CurrentGeneration(Attack, 5) = CrossedPopulation(Attack, 4)
CurrentGeneration(Attack, 6) = dA
CurrentGeneration(Attack, 7) = dAB
CurrentGeneration(Attack, 8) = NoRowsTableU2R + Attack
CurrentGeneration(Attack, 9) = FitnessValue
CurrentGeneration(Attack, 10) = Generation
CurrentGeneration(Attack, 11) = Val(GAParameter)
Next
' ##############################################
' Replacement Process
If CmbReplacment
...
Length < OldGeneration
...
Length
RemindIndex = Math
...
Length - CurrentGeneration
...
Length
RemindIndex = Math
...
Length - OldGeneration
...
GetUpperBound(0) - 1
If Generation = 1 Then
SelectedGeneration(PopIndex, 0) = CurrentGeneration(PopIndex, 0)
SelectedGeneration(PopIndex, 1) = CurrentGeneration(PopIndex, 1)
SelectedGeneration(PopIndex, 2) = CurrentGeneration(PopIndex, 2)
SelectedGeneration(PopIndex, 3) = CurrentGeneration(PopIndex, 3)
SelectedGeneration(PopIndex, 4) = CurrentGeneration(PopIndex, 4)
SelectedGeneration(PopIndex, 5) = CurrentGeneration(PopIndex, 5)
SelectedGeneration(PopIndex, 6) = CurrentGeneration(PopIndex, 6)
SelectedGeneration(PopIndex, 7) = CurrentGeneration(PopIndex, 7)
SelectedGeneration(PopIndex, 8) = CurrentGeneration(PopIndex, 8)
SelectedGeneration(PopIndex, 9) = CurrentGeneration(PopIndex, 9)
SelectedGeneration(PopIndex, 10) = CurrentGeneration(PopIndex, 10)
SelectedGeneration(PopIndex, 11) = CurrentGeneration(PopIndex, 11)
Else
If CurrentGeneration(PopIndex, 9) > OldGeneration(PopIndex, 9) Then
SelectedGeneration(PopIndex, 0) = CurrentGeneration(PopIndex, 0)
SelectedGeneration(PopIndex, 1) = CurrentGeneration(PopIndex, 1)
SelectedGeneration(PopIndex, 2) = CurrentGeneration(PopIndex, 2)
SelectedGeneration(PopIndex, 3) = CurrentGeneration(PopIndex, 3)
SelectedGeneration(PopIndex, 4) = CurrentGeneration(PopIndex, 4)
SelectedGeneration(PopIndex, 5) = CurrentGeneration(PopIndex, 5)
SelectedGeneration(PopIndex, 6) = CurrentGeneration(PopIndex, 6)
SelectedGeneration(PopIndex, 7) = CurrentGeneration(PopIndex, 7)
SelectedGeneration(PopIndex, 8) = CurrentGeneration(PopIndex, 8)
SelectedGeneration(PopIndex, 9) = CurrentGeneration(PopIndex, 9)
SelectedGeneration(PopIndex, 10) = CurrentGeneration(PopIndex, 10)
SelectedGeneration(PopIndex, 11) = CurrentGeneration(PopIndex, 11)
Else
SelectedGeneration(PopIndex, 0) = OldGeneration(PopIndex, 0)
SelectedGeneration(PopIndex, 1) = OldGeneration(PopIndex, 1)
SelectedGeneration(PopIndex, 2) = OldGeneration(PopIndex, 2)
SelectedGeneration(PopIndex, 3) = OldGeneration(PopIndex, 3)
SelectedGeneration(PopIndex, 4) = OldGeneration(PopIndex, 4)
SelectedGeneration(PopIndex, 5) = OldGeneration(PopIndex, 5)
SelectedGeneration(PopIndex, 6) = OldGeneration(PopIndex, 6)
SelectedGeneration(PopIndex, 7) = OldGeneration(PopIndex, 7)
SelectedGeneration(PopIndex, 8) = OldGeneration(PopIndex, 8)
SelectedGeneration(PopIndex, 9) = OldGeneration(PopIndex, 9)
101
-
-
SelectedGeneration(PopIndex, 10) = OldGeneration(PopIndex, 10)
SelectedGeneration(PopIndex, 11) = OldGeneration(PopIndex, 11)
End If
End If
Next
For PopIndex = OldGeneration
...
GetUpperBound(0) - 1
SelectedGeneration(PopIndex, 0) = CurrentGeneration(PopIndex, 0)
SelectedGeneration(PopIndex, 1) = CurrentGeneration(PopIndex, 1)
SelectedGeneration(PopIndex, 2) = CurrentGeneration(PopIndex, 2)
SelectedGeneration(PopIndex, 3) = CurrentGeneration(PopIndex, 3)
SelectedGeneration(PopIndex, 4) = CurrentGeneration(PopIndex, 4)
SelectedGeneration(PopIndex, 5) = CurrentGeneration(PopIndex, 5)
SelectedGeneration(PopIndex, 6) = CurrentGeneration(PopIndex, 6)
SelectedGeneration(PopIndex, 7) = CurrentGeneration(PopIndex, 7)
SelectedGeneration(PopIndex, 8) = CurrentGeneration(PopIndex, 8)
SelectedGeneration(PopIndex, 9) = CurrentGeneration(PopIndex, 9)
SelectedGeneration(PopIndex, 10) = CurrentGeneration(PopIndex, 10)
SelectedGeneration(PopIndex, 11) = CurrentGeneration(PopIndex, 11)
Next
End If
LastGenerationNoRowsTabledos = NoRowsTableU2R
' Saving Data in the Table
Dim CheckCounter As Integer
Dim Redundant As Integer
For PopIndex = 0 To NoRowsTableU2R - 1
d7 = SelectedGeneration(PopIndex, 1)
d8 = SelectedGeneration(PopIndex, 2)
d12 = SelectedGeneration(PopIndex, 3)
d13 = SelectedGeneration(PopIndex, 4)
d23 = SelectedGeneration(PopIndex, 5)
Redundant = 0
For CheckCounter = 0 To NoRowsTableU2R - 1
If d7 = ds
...
Rows(CheckCounter)
...
Tables(TableNameu2r)
...
Item(2) And d12 =
ds
...
Rows(CheckCounter)
...
Tables(TableNameu2r)
...
Item(4) And d23 =
ds
...
Rows(CheckCounter)
...
CommandType = CommandType
...
Connection = U2R
Ocmd
...
AddWithValue("@tableid", SelectedGeneration(PopIndex, 0))
Ocmd
...
AddWithValue("@f7", SelectedGeneration(PopIndex, 1))
Ocmd
...
AddWithValue("@f8", SelectedGeneration(PopIndex, 2))
Ocmd
...
AddWithValue("@f12", SelectedGeneration(PopIndex, 3))
Ocmd
...
AddWithValue("@f13", SelectedGeneration(PopIndex, 4))
Ocmd
...
AddWithValue("@f23", SelectedGeneration(PopIndex, 5))
Ocmd
...
AddWithValue("@A", SelectedGeneration(PopIndex, 6))
Ocmd
...
AddWithValue("@AB", SelectedGeneration(PopIndex, 7))
Ocmd
...
AddWithValue("@FitnessValue", SelectedGeneration(PopIndex, 9))
Ocmd
...
AddWithValue("@generation", SelectedGeneration(PopIndex, 10))
Ocmd
...
AddWithValue("@GAparameter", SelectedGeneration(PopIndex, 11))
Ocmd
...
Open()
Ocmd
...
Message)
End Try
U2R
...
Clear()
dau2r
...
Tables(TableNameu2r)
...
Count
' ##### END of GENERATION
###############################################################
Loop
MsgBox("End")
End Sub
End Class
-
Code for Testing for R2L-phf
-
Dim U2RCounter, TestCounter As Integer
NoRowsTabler2l = ds
...
Rows
...
Tables("KDDtest$")
...
Count
For TestCounter = 0 To NoRowsTableTest - 1
r6 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(11)
r12 = ds
...
Rows(TestCounter)
...
Tables("KDDtest$")
...
Item(19)
r22 = ds
...
Rows(TestCounter)
...
Tables(r2lname)
...
Item(1) = r6 Then
If ds
...
Rows(U2RCounter)
...
Tables(r2lname)
...
Item(3) = r12 Then
If ds
...
Rows(U2RCounter)
...
Tables(r2lname)
...
Item(5) = r22 Then
If ds
...
Rows(TestCounter)
...
" Then
match
...
Text) + 1
ElseIf ds
...
Rows(TestCounter)
...
" Then
Txtnormal
...
Text) + 1
Else
mismatch
...
Text) + 1
End If
Exit For
End If
End If
End If
End If
End If
Next
Next
Title: Genetic Algorithm in Intrusion Detection Systems
Description: This note aims to explain the following: 1- Genetic Algorithm. 2- Intrusion Detection System. 3- Fitness Function. 4- How Genetic Algorithm can support the performance of Intrusion Detection System.
Description: This note aims to explain the following: 1- Genetic Algorithm. 2- Intrusion Detection System. 3- Fitness Function. 4- How Genetic Algorithm can support the performance of Intrusion Detection System.