Journal of Intelligent Systems (Jun 2022)

Improving the efficiency of intrusion detection in information systems

  • Ouarda Lounis,
  • Malika Bourenane,
  • Yousfi Nacer Eddine,
  • Brahim Bouderah

DOI
https://doi.org/10.1515/jisys-2022-0059
Journal volume & issue
Vol. 31, no. 1
pp. 835 – 854

Abstract

Read online

Policy Interaction Graph Analysis is a Host-based Intrusion Detection tool that uses Linux MAC Mandatory access control policy to build the licit information flow graph and uses a detection policy defined by the administrator to extract illicit behaviour from the graph. The main limitation of this tool is the generation of a huge signature base of illicit behaviours; hence, this leads to the use of huge memory space to store it. Our primary goal in this article is to reduce this memory space while keeping the tool’s efficiency in terms of intrusion detection rate and false generated alarms. First, the interactions between the two nodes of the graph were grouped into a single interaction. The notion of equivalence class was used to classify the paths in the graph and was compressed by using a genetic algorithm. Such an approach showed its efficiency compared to the approach proposed by Pierre Clairet, by which the detection rate obtained was 99.9%, and no false-positive with a compression rate of illicit behaviour signature database reached 99.44%. Having these results is one of the critical aspects of realizing successful host-based intrusion detection systems.

Keywords