Artiicial Intelligence and Intrusion Detection: Current and Future Directions

Intrusion Detection systems (IDSs) have previously been built by hand. These systems have diiculty successfully classifying intruders, and require a signiicant amount of computational overhead making it diicult to create robust real-time IDS systems. Artiicial Intelligence techniques can reduce the human eeort required to build these systems and can improve their performance. Learning and induction are used to improve the performance of search problems, while clustering has been used for data analysis and reduction. AI has recently been used in Intrusion Detection (ID) for anomaly detection, data reduction and induction, or discovery, of rules explaining audit data. We survey uses of artiicial intelligence methods in ID, and present an example using feature selection to improve the classiication of network connections. The network connection classiication problem is related to ID since intruders can create \private" communications services undetectable by normal means. We also explore some areas where AI techniques may further improve IDSs. Intrusion Detection (ID) is the identiication of attempted or ongoing attacks on a computer system or network. Issues in ID research include data collection, data reduction, behavior classiication, reporting and response. Although there are many signiicant open problems in ID research, we focus on data reduction and classiication. Data reduction consists of analyzing a collection of data in order to identify the most important components of the data, thereby reducing processing time, communications overhead and storage requirements. Classiication is the process of identifying attackers and intruders. Artiicial intelligence (AI) techniques have been used in many IDSs to perform these important tasks. Section 2 of this paper will brieey discuss artiicial intelligence methods and describe some of the methods which will appear in this paper. Section 3 will discuss the problem of data reduction and discuss how AI methods have been used in a variety of IDSs to solve this problem. Section 4