Fuzzy Rough Classification Models for Network Intrusion Detection
Keywords: FNN, Fuzzy-Rough NN, FRONN, VQNN, OWANN
In recent years, advancements in communication technology have led to a wide range of Internet services. While an overwhelming number of Internet users have shown interest in such services, incidents of cyber-attacks by miscreants have undermined their reliance on electronically accessible services. To deal with this alarming situation, intrusion detection systems (IDS) have emerged as a potential solution to analyse the network activities of users and report attempts of possible intrusions. Building an intrusion detection system is a complex and challenging task. It requires analysis of network data from several dimensions so as to develop a pragmatic system to handle different forms of intrusive behaviour of attackers. In this paper, we propose a hybrid intrusion detection approach which combines techniques based on both fuzzy and rough set theories to classify network data as normal or anomalous. Our approach comprises two phases: in the first phase, the most relevant features are extracted using a set of rank and search based methods; in the second phase, we classify the reduced dataset as normal or anomalous using five different classifiers, namely, Fuzzy Nearest Neighbour, Fuzzy-Rough Nearest Neighbour, Fuzzy-Rough Ownership NN, Vaguely Quantified Nearest Neighbours, and Ordered Weighted Average Nearest Neighbours. Experimental results show that the proposed hybrid approach has the ability to achieve high intrusion detection rate and low false alarm