One-Class Classification of Low Volume DoS Attacks with Genetic Programming

Abstract

We use Genetic Programming in a machine learning approach to learn a detector of DoS-related network intrusion events. We present a one class classifier technique that trains a model from one class of data-normal, i.e., non-intrusion events. Our technique, after ensemble fusion, is competitive with one-class modelling with Support Vector Machines. We compare with three datasets and our best GP-based classifiers are able to outperform one-class SVM. For two out of four test cases, the advantage of GP classifiers when compared with one-class SVM is less than 1% which does not represent a significant improvement. On the last two cases, GP achieves significantly better results and making it a viable choice for anomaly detection task.