Network Anomaly Detection System using Genetic Algorithm and Fuzzy Logic

Due to the sheer number of applications that uses computer networks, in which some are crucial to users and enterprises, network management is essential. Therefore, integrity and availability of computer networks become priorities, making it a fundamental resource to be managed. In this work, a scheme combining Genetic Algorithm and a Fuzzy Logic for network anomaly detection is discussed. The Genetic Algorithm is used to generate a Digital Signature of Network Segment using Flow Analysis, where information extracted from network flows data is used to predict the networks traffic behavior for a given time interval. Furthermore, a Fuzzy Logic scheme is applied to decide whether an instance represents an anomaly or not, differing from some approaches present in the literature. Indeed, it is proposed an expert system with the capability to monitor the network's traffic with IP flows while expected behaviors are generated in a regular time interval basis, issuing alarms when a possible problem is present. The proposed anomaly detection system exposes network problems autonomously. The results acquired from applying the proposed approach in a real network traffic flows achieve an accuracy of 96.53% and false positive rate of 0.56%. Moreover, our method succeeds in achieving higher performance compared to several other approaches.