An efficient class association rule-pruning method for unified intrusion detection system using genetic algorithm

Genetic network programming (GNP)-based class association rule mining has been demonstrated to be efficient for misuse and anomaly detection. However, misuse detection is weak at detecting brand-new attacks, while anomaly detection suffers from a high false positive rate. In this paper, a unified detection method is proposed that integrates misuse detection and anomaly detection to overcome their disadvantages. In addition, the GNP-based class association rule mining method extracts an overwhelming number of rules, which contain much redundant and irrelevant information. Therefore, in this paper, an efficient class association rule-pruning method is proposed based on matching degree and a genetic algorithm (GA). In the first stage, a matching degree-based method is applied to preprune the rules in order to improve the efficiency of the GA. In the second stage, the GA is used to select the effective rules from among those remaining after the first stage. Simulations on KDDCup99 show the high performance of the proposed method. © 2012 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.
