Intrusion detection using rough set classification

Abstract

Machine learning-based intrusion detection approaches have recently been studied extensively because they can detect both misuse and anomalies. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and to generate intrusion detection models. Feature ranking is a critical step when building the model. RSC performs feature ranking before generating rules, and converts feature ranking into a minimal hitting set problem, which is solved with a genetic algorithm (GA). Classical approaches based on the Support Vector Machine (SVM) perform feature ranking by executing many iterations, each of which removes one useless feature. Compared with those methods, our method avoids many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of "IF-THEN" rules, which have the advantage of being easy to explain. Tests and a comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on the testing set).
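The reduction the abstract describes, from feature selection to a minimal hitting set over a rough-set discernibility matrix searched by a GA, can be sketched as follows. This is an added example, not the paper's code: the six connection records are constructed (with KDD'99-style feature names), and the GA operators and the `repair` step are assumptions, not the paper's hybrid GA.

```python
import random
from itertools import combinations

FEATURES = ["duration", "protocol_type", "service", "flag", "count"]
TABLE = [  # constructed, discretized records; the last field is the class label
    ("short", "tcp",  "http",    "SF",  "low",  "normal"),
    ("short", "tcp",  "http",    "S0",  "high", "dos"),
    ("short", "icmp", "ecr_i",   "SF",  "high", "dos"),
    ("long",  "tcp",  "private", "REJ", "high", "probe"),
    ("short", "udp",  "domain",  "SF",  "low",  "normal"),
    ("short", "tcp",  "private", "REJ", "low",  "probe"),
]

def discernibility_sets(table):
    """For every pair of records with different classes, the features that tell them apart."""
    sets = set()
    for a, b in combinations(table, 2):
        if a[-1] != b[-1]:
            sets.add(frozenset(i for i in range(len(a) - 1) if a[i] != b[i]))
    return sets

def hits_all(mask, sets):
    return all(any(mask[i] for i in s) for s in sets)

def repair(mask, sets, rng):
    """Local step (an assumption here): hit every set, then drop redundant features."""
    mask = list(mask)
    for s in sets:
        if not any(mask[i] for i in s):
            mask[rng.choice(sorted(s))] = 1
    for i in rng.sample(range(len(mask)), len(mask)):
        if mask[i] and hits_all(mask[:i] + [0] + mask[i + 1:], sets):
            mask[i] = 0
    return tuple(mask)

def ga_reduct(sets, n, pop_size=20, generations=30, seed=1):
    rng = random.Random(seed)
    pop = [repair([rng.randint(0, 1) for _ in range(n)], sets, rng) for _ in range(pop_size)]
    for _ in range(generations):
        pop = sorted(pop, key=sum)[: pop_size // 2]   # selection: fewer features is fitter
        while len(pop) < pop_size:
            p, q = rng.sample(pop[: pop_size // 2], 2)
            cut = rng.randrange(1, n)                 # one-point crossover, 10% bit-flip mutation
            child = [b ^ (rng.random() < 0.1) for b in p[:cut] + q[cut:]]
            pop.append(repair(child, sets, rng))
    return min(pop, key=sum)

def reduct_features(table=TABLE):
    mask = ga_reduct(discernibility_sets(table), len(FEATURES))
    return sorted(f for f, bit in zip(FEATURES, mask) if bit)
```

On this table every reduct has two features (`flag` with any one of `protocol_type`, `service` or `count`, or else `service` with `count`), so `reduct_features()` returns one of those pairs.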

Author information

Correspondence to Zhang Lian-hua.

Additional information

Project (No. 2001AA40437.2) partially supported by the Hi-Tech Research and Development Program (863) of China

About this article

Cite this article

Zhang, Lh., Zhang, Gh., Yu, L. et al. Intrusion detection using rough set classification. J. Zhejiang Univ.-Sci. 5, 1076–1086 (2004). https://doi.org/10.1631/jzus.2004.1076

  • DOI: https://doi.org/10.1631/jzus.2004.1076

Key words

  • Intrusion detection
  • Rough set classification
  • Support vector machine
  • Genetic algorithm

Document code

  • A

CLC number

  • TP393