Improving intrusion detection by the automated generation of detection rules
journal contribution
posted on 2016-03-24, 14:22, authored by Abdulrazaq Almutairi, David J. Parish
Rule-based detection systems have been successful in preventing attacks on network resources, but they are not adaptable when new attacks appear, i.e. they need human intervention to investigate new attacks. This paper proposes a predictive intrusion detection model that uses classification techniques such as decision tree, Naïve Bayes, neural network, and fuzzy logic to generate new rules. The proposed model consists of two stages. The first stage uses either a decision tree (J48, based on C4.5) or a Naïve Bayes classifier, based on the results obtained in experiments, while the second stage is a hybrid module that uses both a neural network (MLP) and fuzzy logic. The training and evaluation phases used randomly selected connections from a subset of the KDD’99 intrusion detection data set. A selected set of features was extracted from those connections using a subset evaluation algorithm. This paper shows how the proposed system was trained, detailing the parameters that affect the training process; it also details the results obtained in the evaluation process, including detection and false positive rates.
History
School
Mechanical, Electrical and Manufacturing Engineering
Published in
International Journal of Intelligent Computing Research (IJICR)
Volume
Volume 5
Issue
Issues 3/4
Citation
ALMUTAIRI, A.Z. and PARISH, D.J., 2014. Improving intrusion detection by the automated generation of detection rules. International Journal of Intelligent Computing Research, 5 (4), pp. 481-488.
This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at: https://creativecommons.org/licenses/by-nc-nd/4.0/