Intrusion Detection Based on Clustering Organizational Co-Evolutionary Classification

  • Fang Liu
  • Yun Tian
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4223)


Organizational Co-Evolutionary Classification (OCEC) is a novel classification algorithm, based on co-evolutionary computation. Differing from Genetic Algorithm, OCEC can work without encoding datasets because introducing “organization” concept. To deal with mass data in intrusion detection effectively, we develop a new algorithm, Clustering Organizational Co-Evolutionary Classification (COCEC) by introducing the clustering method to OCEC. COCEC divides initial data into many sections, and each section is considered as an organization, thus COCEC allows more data to obtain evolutionary learning, so the rule set worked out by COCEC contains fewer rules. In addition to improvement of the initial state in OCEC, some improvements have also been done in the choice strategy of the operators and the rule matching method The experiment results show that COCEC is more accurate and more effective than OCEC and OCEFC (Organizational Co-Evolutionary Fuzzy Classification) with the KDD CUP 99 database, and it greatly reduces the number of rules and testing time.


Training Data Intrusion Detection Attribute Significance Attack Type Learning Classifier System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Denning, D.E.: An Intrusion-Detection Model. In: Proceedings of the 1986 IEEE Symposium on Security and Privacy (1996)Google Scholar
  2. 2.
    Mill, J., Inoue, A.: Support vector classifiers and network intrusion detection. In: Fuzzy Systems. Proceedings. 2004 IEEE International Conference, vol. 1, pp. 407–410 (2004)Google Scholar
  3. 3.
    Shah, H., Undercoffer, J., Joshi, A.: Fuzzy clustering for intrusion detection. In: Fuzzy Systems. FUZZ 2003. The 12th IEEE International Conference, vol. 2, pp. 1274–1278 (2003)Google Scholar
  4. 4.
    Licheng, J., Lei, W.: A novel genetic algorithm based on immune. IEEE Trans. on System, Man, and Cybernetics—Part A 30, 552–561 (2000)CrossRefGoogle Scholar
  5. 5.
    Fang, L., Bo, Q., Rongsheng, C.: Intrusion Detection Based on Immune Clonal Selection Algorithms. In: Webb, G.I., Yu, X. (eds.) AI 2004. LNCS (LNAI), vol. 3339, pp. 1226–1232. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Fang, L., Leping, L.: Unsupervised Anomaly Detection Based n an Evolutionary Artificial Immune Network. In: Rothlauf, F., Branke, J., Cagnoni, S., Corne, D.W., Drechsler, R., Jin, Y., Machado, P., Marchiori, E., Romero, J., Smith, G.D., Squillero, G. (eds.) EvoWorkshops 2005. LNCS, vol. 3449, pp. 166–174. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Wilcox, J.R.: Organizational learning within a learning classifier system. IlliGAL Report No.95003 (1995)Google Scholar
  8. 8.
    Licheng, J., Jing, L., Weica, Z.: An organizational coevolutionary algorithm for classification. IEEE Trans. Evol. Comput. 10, 67–80 (2006)CrossRefGoogle Scholar
  9. 9.
    Fang, L., Zhen-Guo, C.: Intrusion Detection Based on Organizational CoEvolutionary Fuzzy Classifiers. In: The Proceedings of International Conference on Intelligent Information Processing, IIP 2004 (2004)Google Scholar
  10. 10.
  11. 11.
    Qi, B.Z.: Patter recognization (in Chinese). Tsinghua University press, Beijing (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Fang Liu
    • 1
  • Yun Tian
    • 1
  1. 1.School of Computer Science and EngineeringXidian UniversityXi’anChina

Personalised recommendations