Document Type : Research Article

Abstract

A hybrid approach for intrusion detection in computer networks is presented in this paper. The proposed approach combines an evolutionary-based fuzzy system with an Ant Colony Optimization procedure to generate high-quality fuzzy classification rules. We applied our hybrid learning approach to network security and validated it using the DARPA KDD-Cup99 benchmark data set. The results indicate that, compared with several traditional and new techniques, the proposed hybrid approach achieves better classification accuracy. The compared classification approaches are C4.5, Naïve Bayes, k-NN, SVM, Ripper, PNrule and MOGF-IDS. Moreover, the improvement in classification accuracy has been obtained for most of the classes of the intrusion detection classification problem. In addition, the results indicate that the proposed hybrid system's total classification accuracy is 94.33% and its classification cost is 0.1675. Therefore, the resultant fuzzy classification rules can be used to produce a reliable intrusion detection system.
