Frequent Positive and Negative Itemsets Approach for Network Intrusion Detection

  • Conference paper
Soft Computing Applications and Intelligent Systems (M-CAIT 2013)

Abstract

Recently there has been much interest in applying data mining to computer network intrusion detection. An accurate network traffic model is important for network stipulation, and significant knowledge is crucial for improving the accuracy of such a model. This paper presents the use of a Frequent Positive and Negative (FPN) itemset approach for network traffic intrusion detection. The FPN approach generates strong positive and negative rules, which produce important knowledge for building an accurate network traffic model. Usually, frequent itemsets are generated based on the frequency of the presence of a particular item or itemset before the relevant rules are generated. In the FPN approach, however, frequent absent itemsets are introduced for negative association rules. The FPN approach has successfully enhanced the accuracy of the network traffic model by identifying volume anomalies. The experiments were performed on network traffic data at the Universiti Kebangsaan Malaysia. We also report experimental results against other algorithms such as Rough Set and Naive Bayes. The results demonstrate that the performance of the FPN approach is comparable with the results of other algorithms. Indeed, the FPN approach obtains better results compared to other algorithms, indicating that it is a promising approach to solving intrusion detection problems.


Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abdul Kadir, A.S., Abu Bakar, A., Hamdan, A.R. (2013). Frequent Positive and Negative Itemsets Approach for Network Intrusion Detection. In: Noah, S.A., et al. Soft Computing Applications and Intelligent Systems. M-CAIT 2013. Communications in Computer and Information Science, vol 378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40567-9_14

  • DOI: https://doi.org/10.1007/978-3-642-40567-9_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40566-2

  • Online ISBN: 978-3-642-40567-9

  • eBook Packages: Computer Science, Computer Science (R0)
