A Rough-Fuzzy Hybrid Algorithm for Computer Intrusion Detection

In this paper, we propose an intrusion detection method that combines rough set theory and fuzzy c-means for anomaly detection. The first step is attribute selection based on rough set theory, performed for each of the 5 classes of intrusions identified in the Defense Advanced Research Projects Agency (DARPA) data. The next phase is clustering using fuzzy c-means; rough sets are used to clean the data and to filter out redundant, spurious information. Fuzzy c-means allows objects to belong to several clusters simultaneously, with different degrees of membership. Our method is an accurate model for handling complex attack patterns in large networks. We used the data set from the 1999 Knowledge Discovery and Data Mining (KDD) intrusion detection contest. The main goal of this paper is to apply this method to increase the efficiency of a given intrusion detection model, to reduce the data set by looking for overlapping categories, and to filter in the desired ones.
