Grid intrusion detection based on soft computing by modeling real-user's normal behaviors

Abstract

This paper proposes a novel structure of GRID intrusion detection system based on distributed intelligent agents and soft computing techniques (SCGIDS). The SCGIDS models each real-user's normal behaviors and saves the real-user's normal behavior description parameters to a specific database. The on-line real-user's behaviors are then evaluated by a soft computing system with these saved normal behavior description parameters; if the deviation is exceed a specific value, the intrusion may appear. Additionally, the proposed SCGIDS has the ability of self-learning. When the on-line real-user's normal behavior excursion is in an allowed extent, the parameters of the corresponding real-user's normal behavior description parameters are adjusted automatically. More advantages of the SCGIDS are that it has simple intrusion trace-back method and the intrusion evidences for the law can be collected very easily. The soft computing based SCGIDS consists of the SOM (self-organize map) dimension reduction technique, the novel fuzzy neural network and an improved genetic algorithm. The key components are simulated in the LINUX with Globus 2.1. The prototype experimental results show that the proposed SCGIDS is a very accurate system for GRID intrusion detection.