Integrated Rule Mining Based on Fuzzy GNP and Probabilistic Classification for Intrusion Detection
Nannan Lu, Shingo Mabu, and Kotaro Hirasawa
Graduate School of Information, Production and Systems, Waseda University, 2-7 Hibikino, Wakamatsu-ku, Kitakyushu, Fukuoka 808-0135, Japan
With the increasing popularity of the Internet, network security has recently become a serious problem, and detecting intrusions effectively is an important component of network security. A variety of algorithms have therefore been devoted to this challenge. Genetic network programming (GNP) is a newly developed evolutionary algorithm with directed-graph gene structures; it has been applied to data mining for intrusion detection systems, where it has provided good performance. In this paper, an integrated rule mining algorithm based on fuzzy GNP and probabilistic classification is proposed. The integrated rule mining uses a fuzzy class association rule mining algorithm to extract rules for different classes, and it can deal with both discrete and continuous attributes in network connection data. Classification is then done probabilistically using the rules of the different classes. The integrated method showed excellent results in simulation experiments.