File(s) under permanent embargo

Reason: This item is currently closed access.

Improving intrusion detection by the automated generation of detection rules

journal contribution
posted on 24.03.2016, 14:22 by Abdulrazaq Almutairi, David J. Parish
Rule Based Detection Systems have been successful in preventing attacks on network resources, but suffer a problem in that they are not adaptable in cases where new attacks are made i.e. they need human intervention for investigating new attacks. This paper proposes the creation of a predictive intrusion detection model that is based on usage of classification techniques such as decision tree, Naïve Bayes, neural network, and fuzzy logic to generate new rules. The proposed model in this paper consists of two stages. The first stage uses either a Decision tree (J48 based on C4.5) or Naïve Bayes classifier based on the results obtained in experiments while the second stage is based on a hybrid module that uses both a neural network (MLP) and fuzzy logic. Training and evaluation phases used randomly selected connections in a subset of the KDD’99 intrusion detection data set. A selected set of features has been extracted from those connections using a subset evaluation algorithm. This paper shows how the proposed system has been trained detailing parameters that affect the training process; it also details results obtained in the evaluation process including detection and false positive rates.



  • Mechanical, Electrical and Manufacturing Engineering

Published in

nternational Journal of Intelligent Computing Research (IJICR),


Volume 5,


Issues 3/4,


ALMUTAIRI, A.Z. and PARISH, D.J., 2014. Improving intrusion detection by the automated generation of detection rules. International Journal of Intelligent Computing Research, 5 (4), pp. 481-488.


© Infonomics Society


VoR (Version of Record)

Publisher statement

This work is made available according to the conditions of the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) licence. Full details of this licence are available at:

Acceptance date


Publication date



This paper is closed access.





Usage metrics