Intrusion Detection System using Ripple Down Rule learner and Genetic Algorithm

An intrusion detection system is used to identify anomalous packets in a network. It can also identify unauthorized or malicious activity and malicious code in the network. Researchers have proposed different approaches to network intrusion detection. Classification-based techniques have some issues, such as model overfitting and classification evaluation. The challenging task in intrusion detection is to reduce false positives and increase classification accuracy. Rule-based techniques are simple, advanced and help to reduce false positives. The performance of a rule-based intrusion detection system depends mainly on its rule sets, but forming rules becomes a tedious and time-consuming task due to the enormous amount of network traffic. In this paper, a novel architecture for an intrusion detection system is presented, which we call RDRID. RDRID is a simple and advanced rule-based intrusion detection system that reduces false positives and increases classification accuracy. In our implementation, we use the Ripple Down Rule learner as the classifier, with Genetic Algorithm based feature selection. The Genetic Algorithm is used to select the relevant features from the training dataset. The performance of the proposed technique is evaluated in terms of classification accuracy, model building time and false positive rate. The experimental results show that the proposed approach outperforms the existing standard classifier.

Keywords: Ripple Down Rule, Genetic Algorithm, False Positive rate, Accuracy, Classification
