Skip to main content
SpringerLink
Log in

Gravitational search algorithm–optimized neural misuse detector with selected features by fuzzy grids–based association rules mining

  • Original Article
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

Feature selection is one of the most important techniques for data preprocessing in classification problems. In this paper, fuzzy grids–based association rules mining, as an effective data mining technique, is used for feature selection in misuse detection application in computer networks. The main idea of this algorithm is to find the relationships between items in large datasets so that it detects correlations between inputs of the system and then eliminates the redundant inputs. To classify the attacks, a fuzzy ARTMAP neural network is employed whose training parameters are optimized by gravitational search algorithm. The performance of the proposed system is compared with some other machine learning methods in the same application. Experimental results show that the proposed system, when choosing optimum “feature subset size-adjustment” parameter, performs better in terms of detection rate, false alarm rate, and cost per example in classification problems. In addition, employing the reduced-size feature set results in more than 8.4 percent reduction in computational complexity.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Zainal A, Maarof MA, Shamsuddin SM (2007) Feature selection using rough-DPSO in anomaly intrusion detection. Lect Notes Comput Sci 4705:512–524, Part I

    Google Scholar 

  2. Xie J, Wu J, Qian Q (2009) Feature selection algorithm based on association rules mining method. In: The proceedings of the IEEE/ACIS international conference on computer and information science, pp 357–362

  3. Jain V, Benyoucef L, Deshmukh SG (2008) A new approach for evaluating agility in supply chains using fuzzy association rules mining. Eng Appl Artif Intell 21:367–385

    Article  Google Scholar 

  4. Jeong Ko S, Hyun Lee J (2001) Feature selection using association word mining for classification. Lect Notes Comput Sci 2113:211–220

    Article  Google Scholar 

  5. Karabatak M, Ince MC (2009) An expert system for detection of breast cancer based on association rules and neural network. Exp Syst Appl 36:3465–3469

    Article  Google Scholar 

  6. Karabatak M, Ince MC (2009) A new feature selection method based on association rules for diagnosis of erythemato-squamous diseases. Exp Syst Appl 36:12500–12505

    Article  Google Scholar 

  7. Xiaonan Wu S, Banzhaf W (2010) The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput 10:1–35

    Google Scholar 

  8. Liu X, Fang C, Xiao D (2011) Intrusion diagnosis and prediction with expert system. Secur Commun Netw 4:1483–1494

    Article  Google Scholar 

  9. Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke N, Gritzalis S (2012) Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers. Secu Commun Netw 5:3–14

    Article  Google Scholar 

  10. Tajbakhsh A, Rahmati M, Mirzaei A (2009) Intrusion detection using fuzzy association rules. Appl Soft Comput 9:462–469

    Article  Google Scholar 

  11. Rashedi E, Nezamabadi-pour H, Saryazdi S (2009) GSA: a gravitational search algorithm. Inf Sci 179:2232–2248

    Article  MATH  Google Scholar 

  12. Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177:3799–3821

    Article  Google Scholar 

  13. Chen Y, Abraham A, Yang B (2007) Hybrid flexible neural-tree-based intrusion detection systems. Int J Intell Syst 22:337–352

    Article  MATH  Google Scholar 

  14. Ye N, Emran SM, Chen Q, Vilbert S (2002) Multivariate statistical analysis of audit trials for host-based intrusion detection. IEEE Trans Comput 51:810–820

    Article  Google Scholar 

  15. Garcia-Teodoro P, Diaz-Verdejo J, Macia-Fernandez G, Vazquez E (2009) Anomaly-base network intrusion detection: techniques, systems and challenges. Comput Secur 28:18–28

    Article  Google Scholar 

  16. Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: The proceedings of the annual computer security applications conference, pp 14–23

  17. Mahoney MV, Chan PK (2002) Learning nonstationary models of normal network traffic for detecting novel attacks. In: The proceedings of the ACM SIGKDD international conference on knowledge discovery and data mining, pp 376–385

  18. Hoglund AJ, Hatonen K, Sorvari AS (2000) A computer host-based user anomaly detection system using the self-organizing map. In: The proceedings of the international joint conference on neural networks, vol 5, pp 411–416

  19. Cheng E, Jin H, Han Z, Sun J (2005) Network-based anomaly detection using an Elman network. Lect Notes Comput Sci 3619:471–480

    Article  Google Scholar 

  20. Liao Y, Vemuri VR, Pasos A (2007) Adaptive anomaly detection with evolving connectionist systems. J Netw Comput Appl 30:60–80 (Special Issue on Network and Information Security: A Computational Intelligence Approach)

    Google Scholar 

  21. Beghdad R (2007) Training all the KDD data set to classify and detect attacks. Neural Netw World 17:81–91

    Google Scholar 

  22. Bridges SM, Vaughn RB (2000) Intrusion detection via fuzzy data mining. In: The proceedings of the annual Canadian information technology security symposium, pp 111–121

  23. Gomez J, Dasgupta D (2002) Evolving fuzzy classifiers for intrusion detection. In: The proceedings of the IEEE workshop on information assurance, pp 68–75

  24. Song D, Heywood MI, Zincir-Heywood AN (2005) Training genetic programming on half a million patterns: an example from anomaly detection. IEEE Trans Evol Comput 9:225–239

    Article  Google Scholar 

  25. Kim J, Bentley P, Aickelin U, Greensmith J, Tedesco G, Twycross J (2007) Immune system approaches to intrusion detection—a review. Nat Comput 6:413–466

    Article  MathSciNet  MATH  Google Scholar 

  26. Han SJ, Cho SB (2006) Evolutionary neural networks for anomaly detection based on the behavior of a program. IEEE Trans Syst Man Cybernet-Part B 36:559–570

    Google Scholar 

  27. Liao Y, Vemuri VR (2002) Use of K-nearest neighbor classifier for intrusion detection. Comput Secur 21:439–448

    Article  Google Scholar 

  28. Novikov D, Yampolskiy RV, Reznik L (2006) Artificial intelligence approaches for intrusion detection. In: The proceedings of the IEEE international conference on systems, applications and technology, pp 1–8

  29. Joshi MV, Agrawal RC, Kumar V (2001) Mining needless in a haystack: classifying rare classes via two-phase rule induction. In: The proceedings of the ACM SIGMOD conference on management of data, pp 91–102

  30. Golovko V, Vaitsekhovich L (2006) Neural network techniques for intrusion detection. In: The proceedings of the international conference on neural networks and artificial intelligence, pp 65–69

  31. Herrero A, Corchado E, Gastaldo P, Picasso F, Zunino R (2007) Auto-association neural techniques for intrusion detection systems. In: The proceedings of the IEEE international symposium on industrial electronics, pp 1905–1910

  32. Beghdad R (2008) Critical study of neural networks in detecting intrusions. Comput Secur 27:168–175

    Article  Google Scholar 

  33. Sheikhan M, Jadidi Z, Beheshti M (2010) Effects of feature reduction on the performance of attack recognition by static and dynamic neural networks. World Appl Sci J 8:302–308

    Google Scholar 

  34. Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput Appl 21:1185–1190

    Article  Google Scholar 

  35. Lei JZ, Ghorbani AA (2012) Improved competitive learning neural networks for network intrusion and fraud detection. Neurocomputing 75:135–145

    Article  Google Scholar 

  36. Dickerson JE, Juslin J, Koukousoula J, Dickerson JA (2001) Fuzzy intrusion detection. In: The proceedings of the IFSA world congress and 20th NAFIPS international conference, vol 3, pp 1506–1510

  37. Lin Y, Chen K, Liao X (2004) A genetic clustering method for intrusion detection. Patt Recogn 37:924–927

    Google Scholar 

  38. Pfahringer B (2000) Winning the KDD 99 classification cup: bagged boosting. J SIGKDD Explor 1:65–66

    Article  Google Scholar 

  39. Pereira CR, Nakamura RYM, Costa KAP, Papa JP (2012) An optimum-path forest framework for intrusion detection in computer networks. Eng Appl Artif Intell 25:1226–1234

    Article  Google Scholar 

  40. Shah K, Dave N, Chavon S, Mukherjee S, Abraham A, Sanyal S (2004) Adaptive neuro-fuzzy intrusion detection system. In: The proceedings of the IEEE international conference on information technology: coding and computing, vol 1, pp 70–74

  41. Abadeh MS, Habibi J, Lucas C (2005) Intrusion detection using a fuzzy genetic-based learning algorithm. J Netw Comput Appl 30:414–428

    Article  Google Scholar 

  42. Xu Q, Pei W, Yang L, Zhao Q (2006) An intrusion detection approach based on understandable neural network trees. Int J Comput Sci Netw Secur 6:229–234

    Google Scholar 

  43. Sheikhan M, Jadidi Z (2009) Misuse detection using hybrid of association rule mining and connectionist modeling. World Appl Sci J 7 (Special Issue of Computer & IT):31–37

  44. Sheikhan M, Gharavian D (2009) Combination of Elman neural network and classification-based predictive association rules to improve computer networks’ security. World Appl Sci J 7 (Special Issue of Computer & IT):80–86

  45. Li W, Wang JL, Tian ZH, Lu TB, Young C (2009) Building lightweight intrusion detection system using wrapper-based feature selection mechanisms. Comput Secur 28:466–475

    Article  Google Scholar 

  46. Meharouech S, Bouhoula A, Abbes T (2011) Trusted intrusion detection architecture for high-speed networks based on traffic classification, load balancing and high availability mechanism. Secur Commun Netw 4:384–394

    Article  Google Scholar 

  47. Chen Y, Li Y, Cheng X-Q, Guo L (2006) Survey and taxonomy of feature selection algorithms in intrusion detection system. Lect Notes Comput Sci 4318:153–167

    Article  MathSciNet  Google Scholar 

  48. Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Exp Syst Appl 39:424–430

    Article  Google Scholar 

  49. Chebrolu S, Abraham A, Thomas JP (2005) Feature deduction and ensemble design of intrusion detection system. Comput Secur 24:295–307

    Article  Google Scholar 

  50. Amiri F, Rezaei Yousefi MM, Lucas C, Shakery A, Yazdani N (2011) Mutual information based feature selection for intrusion detection systems. J Netw Comput Appl 34:1184–1199

    Article  Google Scholar 

  51. Kumar G, Kumar K (2012) An information theoretic approach for feature selection. Secur Commun Netw 5:178–185

    Article  Google Scholar 

  52. Chen Y, Abraham A, Yang J (2006) Feature selection and classification using hybrid flexible neural tree. Neurocomputing 70:305–313

    Article  Google Scholar 

  53. Gao H-H, Yang H-H, Wang X-Y (2005) Principal component neural networks based intrusion feature extraction and detection using SVM. Lect Notes Comput Sci 3611:21–27

    Article  Google Scholar 

  54. Sivatha Sindhu SS, Geetha S, Kannan A (2012) Decision tree based light weight intrusion detection using a wrapper approach. Exp Syst Appl 39:129–141

    Article  Google Scholar 

  55. Lin S-W, Ying K-C, Lee C-Y, Lee Z-J (2012) An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Appl Soft Comput 12:3285–3290

    Article  Google Scholar 

  56. Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO). Appl Soft Comput 12:3014–3022

    Article  Google Scholar 

  57. Sun X, Liu Y, Li J, Zhu J, Chen H, Liu X (2012) Feature evaluation and selection with cooperative game theory. Patt Recogn 45:2992–3002

    Article  Google Scholar 

  58. RoyChowdhury P, Shukla KK (2003) Incorporating fuzzy concepts along with dynamic tunneling for fast and robust training of multilayer perceptrons. Neurocomputing 50:319–340

    Article  MATH  Google Scholar 

  59. Montana DJ, Davis L (1989) Training feedforward neural networks using genetic algorithms. Mach Learn 1:762–767

    Google Scholar 

  60. Zhao Q, Higuchi T (1996) Efficient learning of NN-MLP based on individual evolutionary algorithm. Neurocomputing 13:201–215

    Article  Google Scholar 

  61. Sexton RS, Dorsey RE (2000) Reliable classification using neural network: a genetic algorithm and back propagation computation. Decis Supp Syst 30:11–22

    Article  Google Scholar 

  62. Castellani M, Rowlands H (2009) Evolutionary artificial neural network design and training for wood veneer classification. Eng Appl Artif Intell 22:732–741

    Article  Google Scholar 

  63. Marwala T (2007) Bayesian training of neural networks using genetic programming. Patt Recogn Lett 28:1452–1458

    Article  Google Scholar 

  64. Amato S, Apolloni B, Caporali G, Madesani U, Zanaboni A (1991) Simulated annealing approach in backpropagation. Neurocomputing 3:207–220

    Article  Google Scholar 

  65. Pasti R, De Castro LN (2007) The influence of diversity in an immune-based algorithm to train MLP networks. In: The proceedings of the international conference on artificial immune systems, pp 71–82

  66. Marcio C, Teresa BL (2006) An analysis of PSO hybrid algorithms for feed-forward neural networks training. In: The proceedings of the ninth Brazilian symposium on neural networks, pp 2–7

  67. Ince T, Kiranyaz S, Pulkkinen J, Gabbouj M (2010) Evaluation of global and local training techniques over feed-forward neural network architecture spaces for computer-aided medical diagnosis. Exp Syst Appl 37:8450–8461

    Article  Google Scholar 

  68. Pian Z, Li S, Zhang H, Zhang N (2012) The application of the PSO based BP network in short-term load forecasting. Phys Procedia 24:626–632

    Article  Google Scholar 

  69. Yu J, Wang S, Xi L (2008) Evolving artificial neural networks using an improved PSO and DPSO. Neurocomputing 71:1054–1060

    Article  Google Scholar 

  70. Cavuslu MA, Karakuzu C, Karakaya F (2012) Neural identification of dynamic systems on FPGA with improved PSO learning. Appl Soft Comput 12:2707–2718

    Article  Google Scholar 

  71. Shen W, Guo X, Wu C, Wu D (2011) Forecasting stock indices using radial basis function neural networks optimized by artificial swarm algorithm. Knowledge-Based Syst 24:378–385

    Article  Google Scholar 

  72. Kulluk S, Ozbakir L, Baykasoglu A (2012) Training neural networks with harmony search algorithms for classification problems. Eng Appl Artif Intell 25:11–19

    Article  Google Scholar 

  73. Mirjalili SA, Mohd Hashim SZ, Moradian Sardroudi H (2012) Training feedforward neural networks using hybrid particle swarm optimization and gravitational search algorithm. Appl Math Comput 218:11125–11137

    Article  MathSciNet  Google Scholar 

  74. Wang D, Lu W-Z (2006) Forecasting of ozone level in time series using MLP model with a novel hybrid training algorithm. Atmos Environ 40:913–924

    Article  Google Scholar 

  75. Zhang JR, Zhang J, Lok TM, Lyu MR (2007) A hybrid particle swarm optimization-back propagation algorithm for feedforward neural network training. Appl Math Comput 185:1026–1037

    Article  MATH  Google Scholar 

  76. Leung SYS, Tang Y, Wong WK (2012) A hybrid particle swarm optimization and its application in neural networks. Exp Syst Appl 39:395–405

    Article  Google Scholar 

  77. Bahrololoum A, Nezamabadi-pour H, Bahrololoum H, Saeed M (2012) A prototype classifier based on gravitational search algorithm. Appl Soft Comput 12:819–825

    Article  Google Scholar 

  78. Carpenter GA, Grossberg S, Markuzon N, Reynold JH, Rosen DB (1992) Fuzzy ARTMAP: a neural network for incremental supervised learning of analog multidimensional maps. IEEE Trans Neural Netw 3:689–713

    Article  Google Scholar 

  79. Agrawal R, Imielinski T, Swami A (1993) Mining association rules between sets of items in large databases. In: The proceedings of the ACM SIGMOD international conference on management of data, pp 207–216

  80. Sricant R, Agrawal R (1996) Mining quantitative association rules in large relational tables. In: The proceedings of the ACM SIGMOD international conference on management of data, pp 1–12

  81. Zadeh LA (1965) Fuzzy sets. Proc Inf Control 8:338–353

    Article  MathSciNet  MATH  Google Scholar 

  82. Delgado M, Marín N, Sánchez D, Vila MA (2003) Fuzzy association rules: general model and applications. IEEE Trans Fuzzy Syst 11:214–225

    Article  Google Scholar 

  83. Chen C-L, Tseng FSC, Liang T (2010) Mining fuzzy frequent itemsets for hierarchical document clustering. Inf Process Manag 46:193–211

    Article  Google Scholar 

  84. Ho GTS, Ip WH, Wu CH, Tse YK (2012) Using a fuzzy association rule mining approach to identify the financial data association. Exp Syst Appl 39:9054–9063

    Article  Google Scholar 

  85. Mangalampalli A, Pudi V (2009) Fuzzy association rule mining algorithm for fast and efficient performance on very large datasets. In: The proceedings of the IEEE international conference on fuzzy systems, pp 1163–1168

  86. Au W-H, Chan KCC (2003) Mining fuzzy association rules in a bank-account database. IEEE Trans Fuzzy Syst 11:238–248

    Article  Google Scholar 

  87. Stolfo SJ (1999) KDD-99 Dataset. Available on http://www.kdd.ics.uci.edu/databases/kddcup99/kddcup99.html kddcup99.html

  88. Ruan D, Kerre EE (1993) Fuzzy implication operators and generalized fuzzy method of cases. Fuzzy Sets Syst 54:23–38

    Article  MathSciNet  MATH  Google Scholar 

  89. Farzanyar Z, Kangavari M, Hashemi S (2006) Effect of similar behaving attributes in mining of fuzzy association rules in the large databases. Lect Notes Comput Sci 3980:1100–1109

    Article  Google Scholar 

  90. Hu YC, Chen RS, Tzeng GH (2003) Discovering fuzzy association rules using fuzzy partition methods. Knowledge-Based Syst 16:137–147

    Article  Google Scholar 

  91. Bezdek JC, Ehrlich R, Full W (1984) FCM: the fuzzy C-means clustering algorithm. Comput Geosci 10:191–203

    Article  Google Scholar 

  92. Agrawal R, Joshi MV (2000) PNrule: a new framework for learning classifier models in data mining (a case-study in network intrusion detection). IBM Research Division, Report No. RC-21719

  93. Levin I (2000) KDD classifier learning contest: LLSoft’s results overview. J SIGKDD Explor 1:67–75

    Article  Google Scholar 

  94. Nadjarian Toosi A, Kahani M (2007) A novel soft computing model using adaptive neuro-fuzzy inference system for intrusion detection. In: The proceedings of the IEEE international conference on networking, sensing and control, pp 834–839

  95. Han SJ, Cho SB (2003) Detecting intrusion with rule-based integration of multiple models. J Comput Secur 22:613–623

    Article  Google Scholar 

  96. Wang X, Liu X, Pedrycz W, Zhu X, Hu G (2012) Mining axiomatic fuzzy set association rules for classification problems. Europ J Oper Res 218:202–210

    Article  MathSciNet  MATH  Google Scholar 

  97. Mężyk E, Unold O (2011) Mining fuzzy rules using an artificial immune system with fuzzy partition learning. Appl Soft Comput 11:1965–1974

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical Engineering, Faculty of Engineering, Islamic Azad University, South Tehran Branch, P.O. Box: 11365-4435, Tehran, Iran

    Mansour Sheikhan

  2. Department of Computer Engineering, Islamic Azad University, South Tehran Branch, Tehran, Iran

    Maryam Sharifi Rad

Authors
  1. Mansour Sheikhan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maryam Sharifi Rad
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mansour Sheikhan.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Sheikhan, M., Sharifi Rad, M. Gravitational search algorithm–optimized neural misuse detector with selected features by fuzzy grids–based association rules mining. Neural Comput & Applic 23, 2451–2463 (2013). https://doi.org/10.1007/s00521-012-1204-y

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-012-1204-y

Keywords

Search

Navigation