William Edmonds, Sun-il Kim, E. MacIntyre, Chockalingam Karuppanchetty, N. Nwanze
Title: Efficient tuning methodologies for a network payload anomaly inspection scheme
Published in: 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC)
Publication date: 2016-03-31
DOI: https://doi.org/10.1109/CCNC.2016.7444873
Citations: 2
Abstract
Consumers and service providers are both becoming increasingly concerned about new, never-before-seen attacks. Anomaly-based intrusion prevention is an important part of cybersecurity, which offers the possibility of detecting some zero-day attacks. Typically, detection speed and efficacy (in terms of true and false positives) are considered in evaluating intrusion detection schemes. However, effective configuration (training and tuning) is critical for deployment of such schemes in practice. As network traffic may shift over time, the ability to perform fast reconfiguration is needed to provide the level of security necessary for future applications. We present parallel mapping and genetic algorithms-based approaches, which can be used to achieve rapid training and tuning for a highly efficient payload-based anomaly detection algorithm.