Abstract
With the rapid development of network technology, the number of devices connected to the network has increased in a variety of fields, and network security has therefore become more important. Rule-based classification for intrusion detection is useful because it is not only easily understood by humans, but also accurate in classifying new patterns. Genetic network programming (GNP) is a rule-mining technique as well as an evolutionary-optimization technique. It can extract rules efficiently even from an enormous database, but it still needs more accuracy and stability for practical use. This paper describes a classification system with random forests that employs a weighted majority vote in the classification to enhance its performance. For the performance evaluation, the NSL-KDD (Network Security Laboratory-Knowledge Discovery and Data Mining) data set is used, and the proposed method is compared with conventional methods, including other machine-learning techniques (random forests, SVM, J4.8), in terms of accuracy and false positive rate.
About this article
Cite this article
Mabu, S., Gotoh, S., Obayashi, M. et al. A random-forests-based classifier using class association rules and its application to an intrusion detection system. Artif Life Robotics 21, 371–377 (2016). https://doi.org/10.1007/s10015-016-0281-x
DOI: https://doi.org/10.1007/s10015-016-0281-x