Network Anomaly Detection using Soft Computing

Authors: Surat Srinoy, Werasak Kurutach, Witcha Chimphlee, Siriporn Chimphlee

Abstract:

One main drawback of intrusion detection systems is their inability to detect new attacks that do not have known signatures. In this paper we discuss an intrusion detection method that uses independent component analysis (ICA) based feature selection heuristics and rough fuzzy clustering of the data. ICA separates the independent components (ICs) from the monitored variables. Rough sets decrease the amount of data and remove redundancy, and fuzzy methods allow objects to belong to several clusters simultaneously, with different degrees of membership. Our approach allows us to recognize not only known attacks but also to detect activity that may be the result of a new, unknown attack. The experimental results on Knowledge Discovery and Data Mining (KDDCup 1999) dataset.

Keywords: Network security, intrusion detection, rough set, ICA, anomaly detection, independent component analysis, rough fuzzy.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1083793

