A rough set-based effective rule generation method for classification with an application in intrusion detection

In this paper, we use Rough Set Theory (RST) to address the important problem of generating decision rules for data mining. In particular, we propose a rough set-based approach to mine rules from inconsistent data. It computes the lower and upper approximations for each concept, and then builds concise classification rules for each concept that satisfy the required classification accuracy. Estimating lower and upper approximations substantially reduces the computational complexity of the algorithm. We use UCI ML Repository data sets to test and validate the approach. We also apply our approach to network intrusion data sets built from network flows captured on our local network. The results show that our approach produces effective and minimal rules and provides satisfactory accuracy.
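An added illustration, not code from the paper: the standard rough-set lower and upper approximations computed over a small constructed table of flow records with conflicting labels, followed by rules that must meet an accuracy threshold. The table, the attribute names, and the greedy condition-dropping step are assumptions; the paper's own rule-generation algorithm is not reproduced here.

```python
from collections import defaultdict
ATTRS = ("proto", "duration", "packets")
FLOWS = [  # constructed flow records (conditions, label), not from the paper
    (("tcp", "short", "low"), "normal"), (("tcp", "short", "low"), "normal"),
    (("tcp", "short", "high"), "attack"), (("tcp", "short", "high"), "attack"),
    (("udp", "short", "high"), "attack"), (("udp", "short", "high"), "normal"),
    (("udp", "long", "low"), "normal"), (("icmp", "short", "high"), "attack"),
    (("icmp", "short", "high"), "attack"), (("icmp", "short", "high"), "normal"),
]  # the udp/short/high and icmp/short/high groups carry conflicting labels

def equivalence_classes(rows):
    """Group row indices whose condition values are identical (indiscernible)."""
    classes = defaultdict(set)
    for i, (values, _) in enumerate(rows):
        classes[values].add(i)
    return classes

def approximations(rows, concept):
    """Lower: classes wholly inside the concept. Upper: classes that touch it."""
    target = {i for i, (_, label) in enumerate(rows) if label == concept}
    lower, upper = set(), set()
    for members in equivalence_classes(rows).values():
        if members <= target:
            lower |= members
        if members & target:
            upper |= members
    return lower, upper

def accuracy(rows, cond, concept):
    """Share of rows matching a (possibly partial) condition that are in the concept."""
    hits = [label for values, label in rows
            if all(values[ATTRS.index(a)] == v for a, v in cond.items())]
    return sum(label == concept for label in hits) / len(hits)

def rules(rows, concept, min_accuracy):
    """One rule per qualifying class, with conditions dropped while accuracy holds."""
    found = []
    for values in sorted(equivalence_classes(rows)):
        cond = dict(zip(ATTRS, values))
        if accuracy(rows, cond, concept) < min_accuracy:
            continue
        for attr in ATTRS:  # greedy shortening, an assumed simplification step
            trial = {a: v for a, v in cond.items() if a != attr}
            if trial and accuracy(rows, trial, concept) >= min_accuracy:
                cond = trial
        rule = (cond, round(accuracy(rows, cond, concept), 2))
        if rule not in found:
            found.append(rule)
    return found
```

At a threshold of 1.0 only the consistent `tcp`/`high` flows yield an attack rule; lowering the threshold to 0.6 admits the boundary region and collapses the rule set to a single, shorter, less precise condition.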
