A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems
Intrusion detection systems are devoted to monitoring a network with the aim of finding and avoiding anomalous events. In particular, we focus on misuse detection systems, which are trained to identify several known types of attacks, such as unauthorized accesses or denial of service attacks, among others. Whenever such a system detects a trace of a suspicious event, it is programmed to trigger an alert and/or to block the dangerous access to the system. Depending on the security policies of the network, the administrator may have different requirements, which strongly depend on the behavior of the intrusion detection system. For a given application, the cost of raising false alarms could be higher than that of carrying out a preventive access lock. In other scenarios, it may be necessary to correctly identify the exact type of cyber attack in order to proceed in a given way. In this paper, we propose a multi-objective evolutionary fuzzy system for the development of a system that can be trained using different metrics. By increasing the search space during the optimization of the model, more accurate solutions are expected to be obtained. Additionally, this scheme allows the final user to decide, among a broad set of solutions, which one is better suited to the current network characteristics. Our experimental results, using the well-known KDDCup'99 problem, support the quality of this novel approach in contrast to the state-of-the-art evolutionary fuzzy systems in intrusion detection, as well as the C4.5 decision tree.
Keywords: Intrusion detection systems; Computational intelligence; Evolutionary fuzzy systems; Multi-objective evolutionary algorithms; Misuse detection
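The trade-off the abstract describes, as an added example that is not from the paper: a toy misuse detector with two threshold parameters (a stand-in for the fuzzy rule base; the records, thresholds and attack classes are all constructed) is scored on three competing objectives, the non-dominated configurations form the broad set of solutions, and a policy rule then picks one according to how costly false alarms are.

```python
from itertools import product

# Constructed connection records: (connections per second, failed logins, label).
# Labels follow the abstract's framing: "normal" or a known attack type.
RECORDS = [
    (5, 0, "normal"), (8, 1, "normal"), (12, 2, "normal"), (20, 1, "normal"),
    (90, 0, "dos"), (120, 0, "dos"), (60, 0, "dos"), (18, 0, "dos"),
    (4, 6, "unauth"), (6, 9, "unauth"), (7, 3, "unauth"), (30, 5, "unauth"),
]
# Candidate configurations (constructed): the search space a multi-objective
# optimiser would explore; here it is small enough to enumerate exhaustively.
CANDIDATES = list(product((15, 25, 40), (2, 3, 5)))

def classify(rec, dos_thr, login_thr):
    """Stand-in for a fuzzy rule base: two crisp thresholds pick the class."""
    rate, logins, _ = rec
    if rate >= dos_thr:
        return "dos"
    if logins >= login_thr:
        return "unauth"
    return "normal"

def evaluate(dos_thr, login_thr):
    """Three objectives, all minimised: false alarms, missed attacks and
    attacks flagged with the wrong type (the 'exact type' case of the abstract)."""
    false_alarms = missed = mistyped = 0
    for rec in RECORDS:
        pred, truth = classify(rec, dos_thr, login_thr), rec[2]
        if truth == "normal" and pred != "normal":
            false_alarms += 1
        elif truth != "normal" and pred == "normal":
            missed += 1
        elif truth != "normal" and pred != truth:
            mistyped += 1
    return (false_alarms, missed, mistyped)

def dominates(a, b):
    """a dominates b if it is no worse on every objective and better on one."""
    return all(x <= y for x, y in zip(a, b)) and a != b

def pareto_front(candidates):
    """Non-dominated configurations: the set of solutions handed to the operator
    instead of a single model tuned to one accuracy figure."""
    scored = {c: evaluate(*c) for c in candidates}
    return {c: s for c, s in scored.items()
            if not any(dominates(o, s) for o in scored.values())}

def pick(front, max_false_alarms):
    """Policy example: tolerate at most N false alarms, then minimise missed
    attacks and, as a tie-break, wrongly typed attacks."""
    ok = [c for c, s in front.items() if s[0] <= max_false_alarms]
    return min(ok, key=lambda c: front[c][1:], default=None)
```

With these constructed records the front holds two configurations: one that misses nothing but raises a false alarm and mistypes one attack, and one that is silent on normal traffic but misses one attack; a zero-false-alarm policy picks the latter, a policy that accepts one false alarm picks the former.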
This paper was funded by King Abdulaziz University, under Grant HiCi. The authors therefore acknowledge the technical and financial support of KAU.
Compliance with ethical standards
Conflict of interest
This article does not contain any studies with human participants or animals performed by any of the authors.