Abstract
Security Audit Trail Analysis problem consists in detecting predefined attack scenarios in the audit trails. Each attack scenario is defined by a number of occurrences of auditable events. This problem is classified as an NP-Hard combinatorial optimization problem. In this paper, we propose to use the Bat echolocation approach to solve such problem. The proposed approach named an Enhanced Binary Bat Algorithm (EBBA) is an improvement of Bat Algorithm (BA). The fitness function is defined as the global attacks risks. In order to improve , the fitness function is combined with the Manhattan distance measure. Thus, intrusion detection process is guided, on one hand, by the fitness function that aims to maximize the global attacks risks and, on the other hand, by the Manhattan distance that attempts to reduce false Positives and false negatives. The best solution retained has the smallest Manhattan distance. Experiments show that the use of the Manhattan distance improves substantially the intrusion detection quality. The comparative study proves the effectiveness of the proposed approach to make correct prediction.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
