File(s) under permanent embargo

Reason: This item is currently closed access.

Improving intrusion detection by the automated generation of detection rules

journal contribution
posted on 24.03.2016, 14:22 authored by Abdulrazaq Almutairi, David J. Parish
Rule Based Detection Systems have been successful in preventing attacks on network resources, but suffer a problem in that they are not adaptable in cases where new attacks are made i.e. they need human intervention for investigating new attacks. This paper proposes the creation of a predictive intrusion detection model that is based on usage of classification techniques such as decision tree, Naïve Bayes, neural network, and fuzzy logic to generate new rules. The proposed model in this paper consists of two stages. The first stage uses either a Decision tree (J48 based on C4.5) or Naïve Bayes classifier based on the results obtained in experiments while the second stage is based on a hybrid module that uses both a neural network (MLP) and fuzzy logic. Training and evaluation phases used randomly selected connections in a subset of the KDD’99 intrusion detection data set. A selected set of features has been extracted from those connections using a subset evaluation algorithm. This paper shows how the proposed system has been trained detailing parameters that affect the training process; it also details results obtained in the evaluation process including detection and false positive rates.

History

School

  • Mechanical, Electrical and Manufacturing Engineering

Published in

nternational Journal of Intelligent Computing Research (IJICR),

Volume

Volume 5,

Issue

Issues 3/4,

Citation

ALMUTAIRI, A.Z. and PARISH, D.J., 2014. Improving intrusion detection by the automated generation of detection rules. International Journal of Intelligent Computing Research, 5 (4), pp. 481-488.

Publisher

© Infonomics Society

Version

VoR (Version of Record)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at: https://creativecommons.org/licenses/by-nc-nd/4.0/

Acceptance date

12/03/2015

Publication date

2014

Notes

This paper is closed access.

ISSN

2042-4655

Language

en