Genetic-fuzzy association rules for network intrusion detection systems

This paper presents a network intrusion detection system (NIDS) based on genetic-fuzzy association rules, which mines rules incrementally in order to meet the real-time requirement of a NIDS. More precisely, the proposed NIDS incrementally mines fuzzy association rules from network traffic, with the membership functions of the fuzzy variables optimized by a genetic algorithm. The proposed online system performs anomaly detection, not misuse detection. Experiments with some denial-of-service (DoS) attacks were conducted in this study to show the performance of the proposed NIDS. The results show that the proposed NIDS detects DoS attacks both effectively and efficiently.
