Soft Computing

, Volume 23, Issue 4, pp 1321–1336 | Cite as

A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems

  • Salma Elhag
  • Alberto FernándezEmail author
  • Abdulrahman Altalhi
  • Saleh Alshomrani
  • Francisco Herrera
Methodologies and Application


Intrusion detection systems are devoted to monitor a network with aims at finding and avoiding anomalous events. In particular, we focus on misuse detection systems, which are trained to identify several known types of attacks. These can be unauthorized accesses, or denial of service attacks, among others. Whenever it scans a trace of a suspicious event, it is programmed to trigger an alert and/or to block this dangerous access to the system. Depending on the security policies of the network, the administrator may seek different requirements that will have a strong dependency on the behavior of the intrusion detection system. For a given application, the cost of raising false alarms could be higher than carrying out a preventive access lock. In other scenarios, there could be a necessity of correctly identifying the exact type of cyber attack to proceed in a given way. In this paper, we propose a multi-objective evolutionary fuzzy system for the development of a system that can be trained using different metrics. By increasing the search space during the optimization of the model, more accurate solutions are expected to be obtained. Additionally, this scheme allows the final user to decide, among a broad set of solutions, which one is better suited for the current network characteristics. Our experimental results, using the well-known KDDCup’99 problem, supports the quality of this novel approach in contrast to the state-of-the-art for evolutionary fuzzy systems in intrusion detection, as well as the C4.5 decision tree.


Intrusion detection systems Computational intelligence Evolutionary fuzzy systems Multi-objective evolutionary algorithms Misuse detection 



This paper was funded by King Abdulaziz University, under Grant HiCi. The authors therefore, acknowledge technical and financial support of KAU.

Compliance with ethical standards

Conflict of interest


Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.


  1. Alcala R, Alcalá-Fdez J, Herrera F (2007) A proposal for the genetic lateral tuning of linguistic fuzzy systems and its interaction with rule selection. IEEE Trans Fuzzy Syst 15(4):616–635CrossRefzbMATHGoogle Scholar
  2. Alcalá-Fdez J, Alcalá R, Herrera F (2011) A fuzzy association rule-based classification model for high-dimensional problems with genetic rule selection and lateral tuning. IEEE Trans Fuzzy Syst 19(5):857–872CrossRefGoogle Scholar
  3. Alok AK, Saha S, Ekbal A (2016) Multi-objective semi-supervised clustering for automatic pixel classification from remote sensing imagery. Soft Comput 20(12):4733–4751CrossRefGoogle Scholar
  4. Benferhat S, Boudjelida A, Tabia K, Drias H (2013) An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge. Appl Intell 38(4):520–540CrossRefGoogle Scholar
  5. Bostani H, Sheikhan M (2017) Hybrid of binary gravitational search algorithm and mutual information for feature selection in intrusion detection systems. Soft Comput 21(9):2307–2324CrossRefGoogle Scholar
  6. Branke J, Deb K, Dierolf H, Osswald M (2004) Finding knees in multi-objective optimization. In: Yao X, Burke EK, Lozano JA, Smith J, Guervós JJM, Bullinaria JA, Rowe JE, Tiño P, Kabán A, Schwefel HP (eds) PPSN, Lecture Notes in Computer Science, vol 3242. Springer, New York, pp 722–731Google Scholar
  7. Casillas J, Cordón O, del Jesús MJ, Herrera F (2005) Genetic tuning of fuzzy rule deep structures preserving interpretability and its interaction with fuzzy rule set reduction. IEEE Trans Fuzzy Syst 13(1):13–29CrossRefGoogle Scholar
  8. Chebrolu S, Abraham A, Thomas JP (2005) Feature deduction and ensemble design of intrusion detection systems. Comput Secur 24(4):295–307CrossRefGoogle Scholar
  9. Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO). Appl Soft Comput 12(9):3014–3022CrossRefGoogle Scholar
  10. Coello-Coello CA, Lamont G, van Veldhuizen D (2007) Evolutionary algorithms for solving multi-objective problems, genetic and evolutionary computation, 2nd edn. Springer, BerlinzbMATHGoogle Scholar
  11. Cordón O, del Jesus MJ, Herrera F (1999) A proposal on reasoning methods in fuzzy rule-based classification systems. Int J Approx Reason 20(1):21–45CrossRefGoogle Scholar
  12. Deb K, Pratap A, Agarwal S, Meyarivan T (2002) A fast and elitist multiobjective genetic algorithm: NSGA-II. IEEE Trans Evol Comput 6(2):182–197CrossRefGoogle Scholar
  13. Debar H, Dacier M, Wespi A (1999) Towards a taxonomy of intrusion-detection systems. Comput Netw 31(8):805–822CrossRefGoogle Scholar
  14. Eiben AE, Smith JE (2003) Introduction to evolutionary computation. Springer, BerlinCrossRefzbMATHGoogle Scholar
  15. Elhag S, Fernández A, Bawakid A, Alshomrani S, Herrera F (2015) On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems. Expert Syst Appl 42(1):193–202CrossRefGoogle Scholar
  16. Fernández A, Calderón M, Barrenechea E, Bustince H, Herrera F (2010) Solving multi-class problems with linguistic fuzzy rule based classification systems based on pairwise learning and preference relations. Fuzzy Sets Syst 161(23):3064–3080MathSciNetCrossRefzbMATHGoogle Scholar
  17. Fernández A, del Jesus MJ, Herrera F (2010) On the 2-tuples based genetic tuning performance for fuzzy rule based classification systems in imbalanced data-sets. Inf Sci 180(8):1268–1291MathSciNetCrossRefGoogle Scholar
  18. Fernandez A, del Rio S, Lopez V, Bawakid A, del Jesus MJ, Benitez JM, Herrera F (2014) Big data with cloud computing: an insight on the computing environment, mapreduce and programming frameworks. Wiley Interdisc Rev Data Min Knowl Discov 4(5):380–409CrossRefGoogle Scholar
  19. Fernandez A, Lopez V, del Jesus MJ, Herrera F (2015) Revisiting evolutionary fuzzy systems: taxonomy, applications, new trends and challenges. Knowl Based Syst 80:109–121CrossRefGoogle Scholar
  20. Gacto M, Alcalá R, Herrera F (2011) Interpretability of linguistic fuzzy rule-based systems: an overview of interpretability measures. Inf Sci 181(20):4340–4360CrossRefGoogle Scholar
  21. Galar M, Fernández A, Barrenechea E, Bustince H, Herrera F (2011) An overview of ensemble methods for binary classifiers in multi-class problems: experimental study on one-vs-one and one-vs-all schemes. Pattern Recogn 44(8):1761–1776CrossRefGoogle Scholar
  22. Goroohi Sardou I, Ameli MT (2016) A fuzzy-based non-dominated sorting genetic algorithm-II for joint energy and reserves market clearing. Soft Comput 20(3):1161–1177CrossRefGoogle Scholar
  23. Guo C, Zhou Y, Ping Y, Zhang Z, Liu G, Yang Y (2014) A distance sum-based hybrid method for intrusion detection. Appl Intell 40(1):178–188Google Scholar
  24. Herrera F, Martínez L (2000) A 2-tuple fuzzy linguistic representation model for computing with words. IEEE Trans Fuzzy Syst 8(6):746–752CrossRefGoogle Scholar
  25. Ishibuchi H, Yamamoto T (2005) Rule weight specification in fuzzy rule-based classification systems. IEEE Trans Fuzzy Syst 13:428–435CrossRefGoogle Scholar
  26. Ishibuchi H, Nakashima T, Nii M (2004) Classification and modeling with linguistic information granules: advanced approaches to linguistic data mining. Springer, BerlinzbMATHGoogle Scholar
  27. Kavsek B, Lavrac N (2006) Apriori-sd: Adapting association rule learning to subgroup discovery. Appl Artif Intell 20(7):543–583CrossRefGoogle Scholar
  28. Khor KC, Ting CY, Phon-Amnuaisuk S (2012) A cascaded classifier approach for improving detection rates on rare attack categories in network intrusion detection. Appl Intell 36(2):320–329CrossRefGoogle Scholar
  29. Kudlacik P, Porwik P, Wesołowski T (2016) Fuzzy approach for intrusion detection based on user’s commands. Soft Comput 20(7):2705–2719CrossRefGoogle Scholar
  30. Lee W, Stolfo S (2000) A framework for constructing features and models for intrusion detection systems. ACM Trans Inf Syst Secur 3(4):227–261CrossRefGoogle Scholar
  31. Mitchell R, Chen I (2015) Behavior rule specification-based intrusion detection for safety critical medical cyber physical systems. IEEE Trans Dependable Secure Comput 12(1):16–30CrossRefGoogle Scholar
  32. Mohammadi Shanghooshabad A, Saniee Abadeh M (2016) Sifter: an approach for robust fuzzy rule set discovery. Soft Comput 20(8):3303–3319CrossRefGoogle Scholar
  33. Pan S, Morris T, Adhikari U (2015) Developing a hybrid intrusion detection system using data mining for power systems. IEEE Trans Smart Grid 6(6):3104–3113CrossRefGoogle Scholar
  34. Patcha A, Park JM (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw 51(12):3448–3470Google Scholar
  35. Perona I, Gurrutxaga I, Arbelaitz O, Martín JI, Muguerza J, Pérez JM (2008) Service-independent payload analysis to improve intrusion detection in network traffic. In: Proceedings of the 7th Australasian Data Mining Conference (AusDM08), pp 171–178Google Scholar
  36. Quinlan J (1993) C4.5: programs for machine learning. Morgan Kauffman, San MateoGoogle Scholar
  37. Tavallaee M, Bagheri E, Lu W, Ghorbani A (2009) A detailed analysis of the KDD cup 99 data set. In: Second IEEE symposium on computational intelligence for security and defense applications (CISDA09), pp 53–58Google Scholar
  38. Vasilomanolakis E, Karuppayah S, Muhlhauser M (2015) Taxonomy and survey of collaborative intrusion detection. ACM Comput Surv 47(4):55:1–55:33CrossRefGoogle Scholar
  39. Wu SX, Banzhaf W (2010) The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput 10(1):1–35CrossRefGoogle Scholar
  40. Zhang C, Zhang S (2002) Association rule mining, models and algorithms, Lecture Notes in Computer Science, vol 2307. Springer, BerlinGoogle Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. 1.Faculty of Computing and Information TechnologyUniversity of JeddahJeddahSaudi Arabia
  2. 2.Department of Computer Science and Artificial IntelligenceUniversity of GranadaGranadaSpain
  3. 3.Faculty of Computing and Information TechnologyKing Abdulaziz UniversityJeddahSaudi Arabia

Personalised recommendations