A real-time network intrusion detection system based on incremental mining approach

Fuzzy association rules have been proven effective for presenting users' network behavior offline from a huge amount of collected packets. However, for Network Intrusion Detection Systems (NIDSs), efficiency is as important as effectiveness. None of the proposed NIDSs based on fuzzy association rules can meet the real-time requirement, because they all apply a static mining approach. In this paper, we propose a real-time NIDS that uses incremental mining for fuzzy association rules. By consistently comparing two rule sets, one mined from online packets and the other mined from attack-free training packets, our system can make a decision every time unit (2 seconds in this paper). Experiments demonstrate the excellent effectiveness and efficiency of the system.
