Feature Clustering for Anomaly Detection Using Improved Fuzzy Membership Function

Abstract

Earlier research focus towards anomaly detection has been towards using classifiers such as kNN, SVM and using existing distance measures to perform classification. Traditionally IDSs (Intrusion detection systems) have been developed by applying machine learning techniques and adopted single learning mechanism. This is later extended by developing Intrusion Detection Systems by adopting multiple learning mechanisms. Such systems have addressed better detection rates compared to single learning Intrusion Detection Systems. Dimensionality is one more serious concern which affects the performance of classification algorithms. Approaches such as "Feature selection" have been studied and adopted which selects a subset features from the feature set. However, the feature extraction approach for dimensionality reduction has proved to be better compared to feature selection and achieved better classification and detection rates. In this research, we address "Feature extraction" using "Evolutionary feature clustering" by proposing a "Novel fuzzy membership function" which addresses Dimensionality Reduction (DR). The idea is to transform the initial connection representation so that its equivalent representation has reduced noise affect and achieves better classification or detection rates. Experimental results on KDD datasets with 19 and 41 attributes, prove that the proposed approach has improved detection rates for R2L and U2R attack classes when compared to CANN, CLAPP, and SVM approaches. CANN approach recorded lower detection rates w.r.t U2R and R2L attacks. This failure is addressed in our earlier studies through proposing, CLAPP which proved comparatively better accuracy rates to CANN. The fuzzy membership function proposed in this paper, recorded better classification and detection rates in experiments conducted