Anomaly Detection using Neuro Fuzzy system

As network-based technologies become omnipresent, the demand to secure networks and systems against threats increases. One effective way to achieve higher security is through the use of intrusion detection systems (IDS), which are software tools that detect anomalies in a computer or network. In this paper, an IDS has been developed using an improved machine-learning-based algorithm, the Locally Linear Neuro Fuzzy Model (LLNF), for classification, although this model was originally used for system identification. A key technical challenge in IDS and LLNF learning is the curse of high dimensionality. Therefore a feature selection phase is proposed, which is applicable to any IDS. Through an investigation of three feature selection algorithms in this model, it is shown that adding a feature selection phase reduces the computational complexity of our model. Feature selection algorithms require the use of a feature goodness measure. Both a linear and a non-linear measure, the linear correlation coefficient and mutual information respectively, are investigated.
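The two goodness measures named above can rank the same feature very differently. The following is an added example, not code from the paper: it scores three constructed connection features against an attack label with both measures and applies a simple threshold filter (an assumption, not one of the paper's three selection algorithms). The feature names and records are hypothetical.

```python
import math
from collections import Counter

def pearson(xs, ys):
    """Linear correlation coefficient between two numeric sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return 0.0 if vx == 0 or vy == 0 else cov / math.sqrt(vx * vy)

def mutual_information(xs, ys):
    """Mutual information in bits between two discrete sequences."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * math.log2(c * n / (px[x] * py[y]))
               for (x, y), c in pxy.items())

def select(features, labels, measure, threshold=0.1):
    """Keep features whose goodness score against the label exceeds threshold."""
    return sorted(name for name, col in features.items()
                  if abs(measure(col, labels)) > threshold)

# Constructed sample: 12 connection records, label 1 = attack, 0 = normal.
LABELS = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
FEATURES = {
    # Attacks have more failed logins: a roughly linear relation.
    "failed_logins": [3, 2, 3, 2, 3, 2, 0, 1, 0, 1, 0, 1],
    # Attacks are very short (0) or very long (2), normal traffic is medium (1):
    # fully predictive, but not linearly.
    "duration_bin":  [0, 0, 0, 2, 2, 2, 1, 1, 1, 1, 1, 1],
    # Unrelated to the label.
    "proto_flag":    [0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1],
}

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:14s} r={pearson(col, LABELS):+.3f} "
              f"MI={mutual_information(col, LABELS):.3f} bits")
    print("kept by correlation:", select(FEATURES, LABELS, pearson))
    print("kept by mutual info:", select(FEATURES, LABELS, mutual_information))
```

The correlation filter discards `duration_bin` even though it fully determines the label in this sample, while mutual information keeps it; both discard the unrelated `proto_flag`.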



