Abstract
Feature selection is one of the most important techniques for data preprocessing in classification problems. In this paper, fuzzy grids–based association rules mining, as an effective data mining technique, is used for feature selection in misuse detection application in computer networks. The main idea of this algorithm is to find the relationships between items in large datasets so that it detects correlations between inputs of the system and then eliminates the redundant inputs. To classify the attacks, a fuzzy ARTMAP neural network is employed whose training parameters are optimized by gravitational search algorithm. The performance of the proposed system is compared with some other machine learning methods in the same application. Experimental results show that the proposed system, when choosing optimum “feature subset size-adjustment” parameter, performs better in terms of detection rate, false alarm rate, and cost per example in classification problems. In addition, employing the reduced-size feature set results in more than 8.4 percent reduction in computational complexity.
Similar content being viewed by others
References
Zainal A, Maarof MA, Shamsuddin SM (2007) Feature selection using rough-DPSO in anomaly intrusion detection. Lect Notes Comput Sci 4705:512–524, Part I
Xie J, Wu J, Qian Q (2009) Feature selection algorithm based on association rules mining method. In: The proceedings of the IEEE/ACIS international conference on computer and information science, pp 357–362
Jain V, Benyoucef L, Deshmukh SG (2008) A new approach for evaluating agility in supply chains using fuzzy association rules mining. Eng Appl Artif Intell 21:367–385
Jeong Ko S, Hyun Lee J (2001) Feature selection using association word mining for classification. Lect Notes Comput Sci 2113:211–220
Karabatak M, Ince MC (2009) An expert system for detection of breast cancer based on association rules and neural network. Exp Syst Appl 36:3465–3469
Karabatak M, Ince MC (2009) A new feature selection method based on association rules for diagnosis of erythemato-squamous diseases. Exp Syst Appl 36:12500–12505
Xiaonan Wu S, Banzhaf W (2010) The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput 10:1–35
Liu X, Fang C, Xiao D (2011) Intrusion diagnosis and prediction with expert system. Secur Commun Netw 4:1483–1494
Damopoulos D, Menesidou SA, Kambourakis G, Papadaki M, Clarke N, Gritzalis S (2012) Evaluation of anomaly-based IDS for mobile devices using machine learning classifiers. Secu Commun Netw 5:3–14
Tajbakhsh A, Rahmati M, Mirzaei A (2009) Intrusion detection using fuzzy association rules. Appl Soft Comput 9:462–469
Rashedi E, Nezamabadi-pour H, Saryazdi S (2009) GSA: a gravitational search algorithm. Inf Sci 179:2232–2248
Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177:3799–3821
Chen Y, Abraham A, Yang B (2007) Hybrid flexible neural-tree-based intrusion detection systems. Int J Intell Syst 22:337–352
Ye N, Emran SM, Chen Q, Vilbert S (2002) Multivariate statistical analysis of audit trials for host-based intrusion detection. IEEE Trans Comput 51:810–820
Garcia-Teodoro P, Diaz-Verdejo J, Macia-Fernandez G, Vazquez E (2009) Anomaly-base network intrusion detection: techniques, systems and challenges. Comput Secur 28:18–28
Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: The proceedings of the annual computer security applications conference, pp 14–23
Mahoney MV, Chan PK (2002) Learning nonstationary models of normal network traffic for detecting novel attacks. In: The proceedings of the ACM SIGKDD international conference on knowledge discovery and data mining, pp 376–385
Hoglund AJ, Hatonen K, Sorvari AS (2000) A computer host-based user anomaly detection system using the self-organizing map. In: The proceedings of the international joint conference on neural networks, vol 5, pp 411–416
Cheng E, Jin H, Han Z, Sun J (2005) Network-based anomaly detection using an Elman network. Lect Notes Comput Sci 3619:471–480
Liao Y, Vemuri VR, Pasos A (2007) Adaptive anomaly detection with evolving connectionist systems. J Netw Comput Appl 30:60–80 (Special Issue on Network and Information Security: A Computational Intelligence Approach)
Beghdad R (2007) Training all the KDD data set to classify and detect attacks. Neural Netw World 17:81–91
Bridges SM, Vaughn RB (2000) Intrusion detection via fuzzy data mining. In: The proceedings of the annual Canadian information technology security symposium, pp 111–121
Gomez J, Dasgupta D (2002) Evolving fuzzy classifiers for intrusion detection. In: The proceedings of the IEEE workshop on information assurance, pp 68–75
Song D, Heywood MI, Zincir-Heywood AN (2005) Training genetic programming on half a million patterns: an example from anomaly detection. IEEE Trans Evol Comput 9:225–239
Kim J, Bentley P, Aickelin U, Greensmith J, Tedesco G, Twycross J (2007) Immune system approaches to intrusion detection—a review. Nat Comput 6:413–466
Han SJ, Cho SB (2006) Evolutionary neural networks for anomaly detection based on the behavior of a program. IEEE Trans Syst Man Cybernet-Part B 36:559–570
Liao Y, Vemuri VR (2002) Use of K-nearest neighbor classifier for intrusion detection. Comput Secur 21:439–448
Novikov D, Yampolskiy RV, Reznik L (2006) Artificial intelligence approaches for intrusion detection. In: The proceedings of the IEEE international conference on systems, applications and technology, pp 1–8
Joshi MV, Agrawal RC, Kumar V (2001) Mining needless in a haystack: classifying rare classes via two-phase rule induction. In: The proceedings of the ACM SIGMOD conference on management of data, pp 91–102
Golovko V, Vaitsekhovich L (2006) Neural network techniques for intrusion detection. In: The proceedings of the international conference on neural networks and artificial intelligence, pp 65–69
Herrero A, Corchado E, Gastaldo P, Picasso F, Zunino R (2007) Auto-association neural techniques for intrusion detection systems. In: The proceedings of the IEEE international symposium on industrial electronics, pp 1905–1910
Beghdad R (2008) Critical study of neural networks in detecting intrusions. Comput Secur 27:168–175
Sheikhan M, Jadidi Z, Beheshti M (2010) Effects of feature reduction on the performance of attack recognition by static and dynamic neural networks. World Appl Sci J 8:302–308
Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput Appl 21:1185–1190
Lei JZ, Ghorbani AA (2012) Improved competitive learning neural networks for network intrusion and fraud detection. Neurocomputing 75:135–145
Dickerson JE, Juslin J, Koukousoula J, Dickerson JA (2001) Fuzzy intrusion detection. In: The proceedings of the IFSA world congress and 20th NAFIPS international conference, vol 3, pp 1506–1510
Lin Y, Chen K, Liao X (2004) A genetic clustering method for intrusion detection. Patt Recogn 37:924–927
Pfahringer B (2000) Winning the KDD 99 classification cup: bagged boosting. J SIGKDD Explor 1:65–66
Pereira CR, Nakamura RYM, Costa KAP, Papa JP (2012) An optimum-path forest framework for intrusion detection in computer networks. Eng Appl Artif Intell 25:1226–1234
Shah K, Dave N, Chavon S, Mukherjee S, Abraham A, Sanyal S (2004) Adaptive neuro-fuzzy intrusion detection system. In: The proceedings of the IEEE international conference on information technology: coding and computing, vol 1, pp 70–74
Abadeh MS, Habibi J, Lucas C (2005) Intrusion detection using a fuzzy genetic-based learning algorithm. J Netw Comput Appl 30:414–428
Xu Q, Pei W, Yang L, Zhao Q (2006) An intrusion detection approach based on understandable neural network trees. Int J Comput Sci Netw Secur 6:229–234
Sheikhan M, Jadidi Z (2009) Misuse detection using hybrid of association rule mining and connectionist modeling. World Appl Sci J 7 (Special Issue of Computer & IT):31–37
Sheikhan M, Gharavian D (2009) Combination of Elman neural network and classification-based predictive association rules to improve computer networks’ security. World Appl Sci J 7 (Special Issue of Computer & IT):80–86
Li W, Wang JL, Tian ZH, Lu TB, Young C (2009) Building lightweight intrusion detection system using wrapper-based feature selection mechanisms. Comput Secur 28:466–475
Meharouech S, Bouhoula A, Abbes T (2011) Trusted intrusion detection architecture for high-speed networks based on traffic classification, load balancing and high availability mechanism. Secur Commun Netw 4:384–394
Chen Y, Li Y, Cheng X-Q, Guo L (2006) Survey and taxonomy of feature selection algorithms in intrusion detection system. Lect Notes Comput Sci 4318:153–167
Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion detection system based on support vector machines and gradually feature removal method. Exp Syst Appl 39:424–430
Chebrolu S, Abraham A, Thomas JP (2005) Feature deduction and ensemble design of intrusion detection system. Comput Secur 24:295–307
Amiri F, Rezaei Yousefi MM, Lucas C, Shakery A, Yazdani N (2011) Mutual information based feature selection for intrusion detection systems. J Netw Comput Appl 34:1184–1199
Kumar G, Kumar K (2012) An information theoretic approach for feature selection. Secur Commun Netw 5:178–185
Chen Y, Abraham A, Yang J (2006) Feature selection and classification using hybrid flexible neural tree. Neurocomputing 70:305–313
Gao H-H, Yang H-H, Wang X-Y (2005) Principal component neural networks based intrusion feature extraction and detection using SVM. Lect Notes Comput Sci 3611:21–27
Sivatha Sindhu SS, Geetha S, Kannan A (2012) Decision tree based light weight intrusion detection using a wrapper approach. Exp Syst Appl 39:129–141
Lin S-W, Ying K-C, Lee C-Y, Lee Z-J (2012) An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection. Appl Soft Comput 12:3285–3290
Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (SSO). Appl Soft Comput 12:3014–3022
Sun X, Liu Y, Li J, Zhu J, Chen H, Liu X (2012) Feature evaluation and selection with cooperative game theory. Patt Recogn 45:2992–3002
RoyChowdhury P, Shukla KK (2003) Incorporating fuzzy concepts along with dynamic tunneling for fast and robust training of multilayer perceptrons. Neurocomputing 50:319–340
Montana DJ, Davis L (1989) Training feedforward neural networks using genetic algorithms. Mach Learn 1:762–767
Zhao Q, Higuchi T (1996) Efficient learning of NN-MLP based on individual evolutionary algorithm. Neurocomputing 13:201–215
Sexton RS, Dorsey RE (2000) Reliable classification using neural network: a genetic algorithm and back propagation computation. Decis Supp Syst 30:11–22
Castellani M, Rowlands H (2009) Evolutionary artificial neural network design and training for wood veneer classification. Eng Appl Artif Intell 22:732–741
Marwala T (2007) Bayesian training of neural networks using genetic programming. Patt Recogn Lett 28:1452–1458
Amato S, Apolloni B, Caporali G, Madesani U, Zanaboni A (1991) Simulated annealing approach in backpropagation. Neurocomputing 3:207–220
Pasti R, De Castro LN (2007) The influence of diversity in an immune-based algorithm to train MLP networks. In: The proceedings of the international conference on artificial immune systems, pp 71–82
Marcio C, Teresa BL (2006) An analysis of PSO hybrid algorithms for feed-forward neural networks training. In: The proceedings of the ninth Brazilian symposium on neural networks, pp 2–7
Ince T, Kiranyaz S, Pulkkinen J, Gabbouj M (2010) Evaluation of global and local training techniques over feed-forward neural network architecture spaces for computer-aided medical diagnosis. Exp Syst Appl 37:8450–8461
Pian Z, Li S, Zhang H, Zhang N (2012) The application of the PSO based BP network in short-term load forecasting. Phys Procedia 24:626–632
Yu J, Wang S, Xi L (2008) Evolving artificial neural networks using an improved PSO and DPSO. Neurocomputing 71:1054–1060
Cavuslu MA, Karakuzu C, Karakaya F (2012) Neural identification of dynamic systems on FPGA with improved PSO learning. Appl Soft Comput 12:2707–2718
Shen W, Guo X, Wu C, Wu D (2011) Forecasting stock indices using radial basis function neural networks optimized by artificial swarm algorithm. Knowledge-Based Syst 24:378–385
Kulluk S, Ozbakir L, Baykasoglu A (2012) Training neural networks with harmony search algorithms for classification problems. Eng Appl Artif Intell 25:11–19
Mirjalili SA, Mohd Hashim SZ, Moradian Sardroudi H (2012) Training feedforward neural networks using hybrid particle swarm optimization and gravitational search algorithm. Appl Math Comput 218:11125–11137
Wang D, Lu W-Z (2006) Forecasting of ozone level in time series using MLP model with a novel hybrid training algorithm. Atmos Environ 40:913–924
Zhang JR, Zhang J, Lok TM, Lyu MR (2007) A hybrid particle swarm optimization-back propagation algorithm for feedforward neural network training. Appl Math Comput 185:1026–1037
Leung SYS, Tang Y, Wong WK (2012) A hybrid particle swarm optimization and its application in neural networks. Exp Syst Appl 39:395–405
Bahrololoum A, Nezamabadi-pour H, Bahrololoum H, Saeed M (2012) A prototype classifier based on gravitational search algorithm. Appl Soft Comput 12:819–825
Carpenter GA, Grossberg S, Markuzon N, Reynold JH, Rosen DB (1992) Fuzzy ARTMAP: a neural network for incremental supervised learning of analog multidimensional maps. IEEE Trans Neural Netw 3:689–713
Agrawal R, Imielinski T, Swami A (1993) Mining association rules between sets of items in large databases. In: The proceedings of the ACM SIGMOD international conference on management of data, pp 207–216
Sricant R, Agrawal R (1996) Mining quantitative association rules in large relational tables. In: The proceedings of the ACM SIGMOD international conference on management of data, pp 1–12
Zadeh LA (1965) Fuzzy sets. Proc Inf Control 8:338–353
Delgado M, Marín N, Sánchez D, Vila MA (2003) Fuzzy association rules: general model and applications. IEEE Trans Fuzzy Syst 11:214–225
Chen C-L, Tseng FSC, Liang T (2010) Mining fuzzy frequent itemsets for hierarchical document clustering. Inf Process Manag 46:193–211
Ho GTS, Ip WH, Wu CH, Tse YK (2012) Using a fuzzy association rule mining approach to identify the financial data association. Exp Syst Appl 39:9054–9063
Mangalampalli A, Pudi V (2009) Fuzzy association rule mining algorithm for fast and efficient performance on very large datasets. In: The proceedings of the IEEE international conference on fuzzy systems, pp 1163–1168
Au W-H, Chan KCC (2003) Mining fuzzy association rules in a bank-account database. IEEE Trans Fuzzy Syst 11:238–248
Stolfo SJ (1999) KDD-99 Dataset. Available on http://www.kdd.ics.uci.edu/databases/kddcup99/kddcup99.html kddcup99.html
Ruan D, Kerre EE (1993) Fuzzy implication operators and generalized fuzzy method of cases. Fuzzy Sets Syst 54:23–38
Farzanyar Z, Kangavari M, Hashemi S (2006) Effect of similar behaving attributes in mining of fuzzy association rules in the large databases. Lect Notes Comput Sci 3980:1100–1109
Hu YC, Chen RS, Tzeng GH (2003) Discovering fuzzy association rules using fuzzy partition methods. Knowledge-Based Syst 16:137–147
Bezdek JC, Ehrlich R, Full W (1984) FCM: the fuzzy C-means clustering algorithm. Comput Geosci 10:191–203
Agrawal R, Joshi MV (2000) PNrule: a new framework for learning classifier models in data mining (a case-study in network intrusion detection). IBM Research Division, Report No. RC-21719
Levin I (2000) KDD classifier learning contest: LLSoft’s results overview. J SIGKDD Explor 1:67–75
Nadjarian Toosi A, Kahani M (2007) A novel soft computing model using adaptive neuro-fuzzy inference system for intrusion detection. In: The proceedings of the IEEE international conference on networking, sensing and control, pp 834–839
Han SJ, Cho SB (2003) Detecting intrusion with rule-based integration of multiple models. J Comput Secur 22:613–623
Wang X, Liu X, Pedrycz W, Zhu X, Hu G (2012) Mining axiomatic fuzzy set association rules for classification problems. Europ J Oper Res 218:202–210
Mężyk E, Unold O (2011) Mining fuzzy rules using an artificial immune system with fuzzy partition learning. Appl Soft Comput 11:1965–1974
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Sheikhan, M., Sharifi Rad, M. Gravitational search algorithm–optimized neural misuse detector with selected features by fuzzy grids–based association rules mining. Neural Comput & Applic 23, 2451–2463 (2013). https://doi.org/10.1007/s00521-012-1204-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00521-012-1204-y