Network Anomaly Detection using Soft Computing

One main drawback of intrusion detection systems is their inability to detect new attacks that do not have known signatures. In this paper we discuss an intrusion detection method that uses independent component analysis (ICA) based feature selection heuristics and rough fuzzy clustering of the data. ICA separates the independent components (ICs) from the monitored variables. Rough sets decrease the amount of data and remove redundancy, and fuzzy methods allow objects to belong to several clusters simultaneously, with different degrees of membership. Our approach allows us to recognize not only known attacks but also to detect activity that may be the result of a new, unknown attack. The experimental results on Knowledge Discovery and Data Mining (KDDCup 1999) dataset.
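The fuzzy membership idea in the abstract, as an added example that is not the paper's code: it assumes fuzzy c-means as the clustering algorithm and a 0.7 membership threshold for review, neither of which the abstract specifies. `SAMPLE` and the function names are constructed for illustration.

```python
# Added illustration, not the paper's code: fuzzy c-means in pure Python.
# SAMPLE is constructed data: two scaled features per connection record.
SAMPLE = [(0.0, 0.1), (0.1, 0.0), (0.1, 0.1), (0.0, 0.0),   # dense group A
          (1.0, 0.9), (0.9, 1.0), (0.9, 0.9), (1.0, 1.0),   # dense group B
          (0.5, 0.5)]                                        # fits neither group


def memberships_for(points, centers, m=2.0):
    """u[k][i] = degree to which point k belongs to cluster i; rows sum to 1."""
    exp = 1.0 / (m - 1.0)
    rows = []
    for p in points:
        # Squared distances, floored so a point on a centre cannot divide by zero.
        d2 = [max(sum((a - b) ** 2 for a, b in zip(p, c)), 1e-12) for c in centers]
        rows.append([1.0 / sum((di / dj) ** exp for dj in d2) for di in d2])
    return rows


def update_centers(points, u, m=2.0):
    """Each centre is the mean of all points weighted by membership**m."""
    centers = []
    for i in range(len(u[0])):
        w = [row[i] ** m for row in u]
        centers.append(tuple(sum(wk * p[d] for wk, p in zip(w, points)) / sum(w)
                             for d in range(len(points[0]))))
    return centers


def fuzzy_c_means(points, centers, m=2.0, iters=50):
    for _ in range(iters):
        centers = update_centers(points, memberships_for(points, centers, m), m)
    return centers, memberships_for(points, centers, m)


def ambiguous(u, threshold=0.7):
    """Assumed review rule: indices of records with no dominant cluster."""
    return [k for k, row in enumerate(u) if max(row) < threshold]


if __name__ == "__main__":
    centers, u = fuzzy_c_means(SAMPLE, [SAMPLE[0], SAMPLE[4]])
    for point, row in zip(SAMPLE, u):
        print(point, [round(x, 3) for x in row])
    print("records for review:", ambiguous(u))
```

Records inside either dense group get a membership close to 1 in one cluster, while the record between the groups splits its membership roughly evenly and is the only one returned by `ambiguous`.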



