Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base

Intrusion detection is very important for network situation awareness. While a few methods have been proposed to detect network intrusion, they cannot directly and effectively utilize semi-quantitative information, which consists of expert knowledge and quantitative data. Hence, this paper proposes a new detection model based on a directed acyclic graph (DAG) and a belief rule base (BRB). In the proposed model, called DAG-BRB, the DAG is employed to construct a multi-layered BRB model that avoids the combinatorial explosion in the number of rules caused by a large number of intrusion types. To obtain the optimal parameters of the DAG-BRB model, an improved constrained covariance matrix adaptation evolution strategy (CMA-ES) is developed that can effectively solve the constraint problem in the BRB. A case study was used to test the efficiency of the proposed DAG-BRB. The results showed that, compared with other detection models, the DAG-BRB model has a higher detection rate and can be used in real networks.
