Acta Automatica Sinica, 2009
Research on Detector Generation Algorithm Based on Multiple Populations GA
Abstract:
An efficient detector generation algorithm is the core of anomaly detection. To address the low true positive (TP) value, inconvenient matching threshold value, and large detector set size of existing algorithms, this paper puts forward a novel detector generation algorithm based on a multiple-population genetic algorithm. According to morphological analysis of the intrusion detection system and the principle of the covering problem, the self set is divided into several partitions on the basis of their characteristics. Each population evolves independently according to its own self partition, and their best populations are combined into the final mature detector set, which decreases detector redundancy, minimizes the size of the detector set, and maintains detector diversity. The matching threshold r is self-adaptive according to maxSelf, which enlarges the application area of the algorithm by applying several matching rules. A theoretical proof shows that the TP value is improved compared with the traditional algorithm, and the efficiency of the algorithm is verified by simulation tests. The time complexity of the algorithm is analyzed, and the algorithm does not show a significant increase in time complexity.