GNP-Based Fuzzy Class-Association Rule Mining in IDS

Abstract:

As the Internet services spread all over the world,

many kinds of security threats are increasing. Therefore,

existing Intrusion Detection Systems (IDS) facing very

serious issue for the Internet users for their day to day online

transactions, like Internet banking, online shopping, foreign

exchange and trading stocks. Genetic Algorithm is used to

identify various attacks on different type of connections. This

algorithm takes into consideration of different features in

network connections such as protocol type, duration, service,

to generate a classification rule set. Each rule set identifies a

specific type of attacks. A novel fuzzy class-association rule

mining method based on Genetic Network Programming

(GNP) is used for detecting such network intrusions. By

combining fuzzy set theory with GNP, the proposed method

can deal with KDDCup99 mixed dataset that contains both

discrete and continuous attributes. This method focuses on

building distribution of normal and intrusion accesses based

on fuzzy GNP. In an application of intrusion detection the

training dataset contains both normal connections and

several kinds of intrusion connections. GNP examines all the

tuples of the connections in the dataset to pick up the rules to

be stored in two independent rule pools; normal pool and

intrusion pool. Fitness function is defined, higher fitness of a

rule results in high Detection Rate (DR) and low Positive

False Rate (PFR), which means probability of intrusion is

high in the connection. By using this data can be classified

into normal class, intrusion class.

Keywords: Genetic Network