A Granular Intrusion Detection System Using Rough Cognitive Networks

Security in computer networks is an active research field because traditional approaches (e.g., access control, encryption and firewalls) are unable to completely protect networks from attacks and malware. That is why Intrusion Detection Systems (IDS) have become an essential component of security infrastructure, used to detect these threats before they inflict widespread damage. Network intrusion detection is essentially a pattern recognition problem in which network traffic patterns are classified as either normal or abnormal. Several Computational Intelligence (CI) methods have been proposed to solve this challenging problem, including fuzzy sets, swarm intelligence, artificial neural networks and evolutionary computation. Despite the relative success of such methods, the complexity of the classification task associated with intrusion detection demands more effective models. Moreover, there are scenarios where identifying abnormal patterns is a challenge because the collected data is still permeated with uncertainty. In this chapter, we tackle the network intrusion detection problem from a classification angle by using a recently proposed granular model named Rough Cognitive Networks (RCN). An RCN is a fuzzy cognitive map that leans upon rough set theory to define its topological constructs. An optimization-based learning mechanism for RCNs is also introduced. The empirical evidence indicates that the RCN is a suitable approach for detecting abnormal traffic patterns in computer networks.
