Intrusion Detection Using Rough Sets based Parallel Genetic Algorithm Hybrid Model

Recently machine learning-based Intrusion Detection systems (IDs) have been subjected to extensive researches because they can detect both misuse and anomaly. Most of existing IDs use all features in the network packet to look for known intrusive patterns. Some of these features are irrelevant or redundant. Rough Set Classification (RSC), a modern learning algorithm, is used to rank features extracted for detecting intrusions and generate intrusion detection models. In this paper a new hybrid model RSC-PGA (Rough Set Classification Parallel Genetic Algorithm) is presented to address the problem of identifying important features in building an intrusion detection system, increase the convergence speed and decrease the training time of RSC. Tests are done on KDD-99 dataset used for The Third International Knowledge Discovery and Data Mining Tools Competition. Results showed that the proposed model gives better and robust representation of rules as it was able to select features resulting in great data reduction, time reduction and error reduction in detecting new attacks. Keywords— Intrusion detection, Parallel genetic algorithm, Rough set classification.

[1]  Richard Lippmann,et al.  The 1999 DARPA off-line intrusion detection evaluation , 2000, Comput. Networks.

[2]  Riccardo Poli,et al.  Parallel genetic algorithm taxonomy , 1999, 1999 Third International Conference on Knowledge-Based Intelligent Information Engineering Systems. Proceedings (Cat. No.99TH8410).

[3]  Andrew H. Sung,et al.  The Feature Selection and Intrusion Detection Problems , 2004, ASIAN.

[4]  Lang Yu,et al.  Intrusion detection using rough set classification , 2004, Journal of Zhejiang University. Science.

[5]  M. A. Maarof,et al.  Feature Selection Using Rough Set in Intrusion Detection , 2006, TENCON 2006 - 2006 IEEE Region 10 Conference.

[6]  Malcolm I. Heywood,et al.  Selecting Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 , 2005, PST.

[7]  P.A. Crossley,et al.  Application of Genetic Algorithm and Rough Set Theory for Knowledge Extraction , 2007, 2007 IEEE Lausanne Power Tech.

[8]  Chang Wook Ahn,et al.  On the practical genetic algorithms , 2005, GECCO '05.

[9]  Francis Eng Hock Tay,et al.  A discretization method for rough sets theory , 2001, Intell. Data Anal..

[10]  Neveen I. Ghali,et al.  Feature Selection for Effective Anomaly-Based Intrusion Detection , 2009 .

[11]  Dominik Slezak,et al.  Parallel Island Model for Attribute Reduction , 2005, PReMI.

[12]  Philip K. Chan,et al.  An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection , 2003, RAID.

[13]  Janusz Zalewski,et al.  Rough sets: Theoretical aspects of reasoning about data , 1996 .