Intrusion detection using rough set classification.

Journal of Zhejiang University. Science Pub Date : 2004-09-01 DOI:10.1631/jzus.2004.1076

Lian-hua Zhang, Guan-hua Zhang, Jie Zhang, Ying-cai Bai

{"title":"Intrusion detection using rough set classification.","authors":"Lian-hua Zhang, Guan-hua Zhang, Jie Zhang, Ying-cai Bai","doi":"10.1631/jzus.2004.1076","DOIUrl":null,"url":null,"abstract":"<p><p>Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of \"IF-THEN\" rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).</p>","PeriodicalId":85042,"journal":{"name":"Journal of Zhejiang University. Science","volume":"5 9","pages":"1076-86"},"PeriodicalIF":0.0000,"publicationDate":"2004-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1631/jzus.2004.1076","citationCount":"52","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Zhejiang University. Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1631/jzus.2004.1076","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 52

Abstract

Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using Support Vector Machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of "IF-THEN" rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).

查看原文本刊更多论文

基于粗糙集分类的入侵检测。

近年来，基于机器学习的入侵检测方法因其既能检测误用又能检测异常而受到广泛的研究。本文采用粗糙集分类(RSC)这一现代学习算法，对提取的入侵检测特征进行排序，生成入侵检测模型。特征排序是构建模型时非常关键的一步。RSC在生成规则之前进行特征排序，并将特征排序问题转化为最小命中集问题，利用遗传算法求解。这是在使用支持向量机(SVM)的经典方法中通过执行多次迭代来完成的，每次迭代都会删除一个无用的特征。与这些方法相比，我们的方法可以避免多次迭代。此外，还提出了一种混合遗传算法，提高了RSC的收敛速度，减少了RSC的训练时间。RSC生成的模型采用“IF-THEN”规则的形式，具有解释性强的优点。RSC和SVM在DARPA基准数据上的测试和比较表明，对于Probe攻击和DoS攻击，RSC和SVM的结果准确率都很高(在测试集上准确率大于99%)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Zhejiang University. Science

自引率

0.00%

发文量