Hybrid of rough set theory and Artificial Immune Recognition System as a solution to decrease false alarm rate in intrusion detection system

Denial of Service (DoS) attacks are one of the security threats to computer systems and applications. They usually exploit software bugs to crash or freeze a service or network resource, or exhaust bandwidth limits by using a flood attack to saturate all bandwidth. Predicting potential DoS attacks would be very helpful for IT departments and management in optimizing the security of an intrusion detection system (IDS). False alarm rate and accuracy have become the main subjects to address when measuring the effectiveness of an IDS. The purpose of this work is therefore to find a classifier capable of reducing the false alarm rate and increasing the accuracy of the detection system. This study applies Artificial Immune System (AIS) to IDS, and improves on it by integrating rough set theory (RST) with the Artificial Immune Recognition System 1 (AIRS1) algorithm (Rough-AIRS1) to categorize the DoS samples. RST is expected to remove redundant features from a huge amount of data, which can increase classification performance. Furthermore, AIS is an incremental learning approach that will minimize duplication of cases in a knowledge base. It will be efficient in terms of memory storage and in searching for similarities in intrusion attack patterns. This study uses the NSL-KDD 20% train dataset to test the classifiers. The performance is then compared with single AIRS1 and the J48 algorithm. Results from these experiments show that Rough-AIRS1 has a lower false alarm rate than single AIRS but a slightly higher one than J48. However, the accuracy of this hybrid technique is slightly lower than that of the others.
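The feature-reduction step the abstract attributes to RST, shown as an added example that is not the paper's own code: a greedy QuickReduct over a small constructed decision table. The choice of QuickReduct, the table and its NSL-KDD-style feature names are assumptions; the abstract does not say how reducts were computed.

```python
from collections import defaultdict

# Constructed decision table (not NSL-KDD records): discretised connection
# features followed by the class label in the last column.
FEATURES = ["protocol", "flag", "count", "srv_count"]
ROWS = [
    ("tcp",  "S0", "high", "high", "dos"),
    ("tcp",  "S0", "high", "low",  "dos"),
    ("tcp",  "SF", "low",  "low",  "normal"),
    ("udp",  "SF", "low",  "low",  "normal"),
    ("icmp", "SF", "high", "high", "dos"),
    ("tcp",  "SF", "high", "high", "normal"),
    ("udp",  "SF", "high", "high", "normal"),
    ("icmp", "SF", "low",  "low",  "normal"),
]


def dependency(rows, attrs):
    """Rough-set dependency degree gamma_B(D) = |POS_B(D)| / |U|.

    A row is in the positive region when every row that is indiscernible
    from it on the attributes in `attrs` carries the same label.
    """
    classes = defaultdict(list)
    for row in rows:
        classes[tuple(row[a] for a in attrs)].append(row[-1])
    consistent = sum(len(v) for v in classes.values() if len(set(v)) == 1)
    return consistent / len(rows)


def quick_reduct(rows, n_features):
    """Greedily add the attribute that raises gamma most, until the subset
    discerns the labels as well as the full feature set does."""
    target = dependency(rows, range(n_features))
    chosen, best = [], 0.0
    while best < target:
        gains = {a: dependency(rows, chosen + [a])
                 for a in range(n_features) if a not in chosen}
        pick = max(gains, key=gains.get)  # ties: lowest column index wins
        chosen.append(pick)
        best = gains[pick]
    return chosen


if __name__ == "__main__":
    reduct = quick_reduct(ROWS, len(FEATURES))
    print("reduct:", [FEATURES[a] for a in reduct])
    print("dropped:", [f for i, f in enumerate(FEATURES) if i not in reduct])
```

On this table `srv_count` is dropped as redundant, and only the remaining columns would be passed on to the classifier stage.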
