Journal Article
An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming
Shingo Mabu, Ci Chen, Nannan Lu, Kaoru Shimada, Kotaro Hirasawa
- Vol. 41, Iss: 1, pp 130-139
TL;DR: A novel fuzzy class-association-rule mining method based on genetic network programming (GNP) for detecting network intrusions, which can be flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems.
Abstract:
As the Internet services spread all over the world, many kinds and a large number of security threats are increasing. Therefore, intrusion detection systems, which can effectively detect intrusion accesses, have attracted attention. This paper describes a novel fuzzy class-association-rule mining method based on genetic network programming (GNP) for detecting network intrusions. GNP is an evolutionary optimization technique, which uses directed graph structures instead of strings in genetic algorithm or trees in genetic programming, which leads to enhancing the representation ability with compact programs derived from the reusability of nodes in a graph structure. By combining fuzzy set theory with GNP, the proposed method can deal with the mixed database that contains both discrete and continuous attributes and also extract many important class-association rules that contribute to enhancing detection ability. Therefore, the proposed method can be flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems. Experimental results with KDD99Cup and DARPA98 databases from MIT Lincoln Laboratory show that the proposed method provides competitively high detection rates compared with other machine-learning techniques and GNP with crisp data mining.
Citations
Journal Article
Network Anomaly Detection: Methods, Systems and Tools
TL;DR: This paper provides a structured and comprehensive overview of various facets of network anomaly detection so that a researcher can quickly become familiar with every aspect of network anomaly detection.
Journal Article
DDoS Attack Detection and Mitigation Using SDN: Methods, Practices, and Solutions
TL;DR: An in-depth survey and discussion of existing SDN-based DDoS attack detection and mitigation mechanisms, classified with respect to their detection techniques, and of how this framework can be utilized to secure applications built for smart cities.
Journal Article
Intrusion detection systems for IoT-based smart environments: a survey
TL;DR: A comprehensive survey of the latest IDSs designed for the IoT model, with a focus on the corresponding methods, features, and mechanisms; it also provides deep insight into the IoT architecture, emerging security vulnerabilities, and their relation to the layers of the IoT architecture.
Journal Article
Machine Learning Techniques for Anomaly Detection: An Overview
TL;DR: This paper presents an overview of research directions for applying supervised and unsupervised methods for managing the problem of anomaly detection, and covers the major theoretical issues.
Journal Article
A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection
TL;DR: An overview of the use of similarity and distance measures within NIAD research is presented, a theoretical background in distance measures is provided, and various types of distance measures and their uses are discussed.
References
Book
Genetic Programming: On the Programming of Computers by Means of Natural Selection
TL;DR: This book discusses the evolution of architecture, primitive functions, terminals, sufficiency, and closure, and the role of representation and the lens effect in genetic programming.
Proceedings Article
Fast algorithms for mining association rules
TL;DR: Two new algorithms for solving this problem that are fundamentally different from the known algorithms are presented, and empirical evaluation shows that these algorithms outperform the known algorithms by factors ranging from three for small problems to more than an order of magnitude for large problems.
Journal Article
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Proceedings Article
A sense of self for Unix processes
TL;DR: A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls, and initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs.
Journal Article
Genetic Programming II: Automatic Discovery of Reusable Programs.
TL;DR: This book presents evidence that it is possible to interpret GP with ADFs as performing either a top-down process of problem decomposition or a bottom-up process of representational change to exploit identified regularities.