Abstract
An intrusion detection system is proposed which is capable of detecting penetration, break-ins and other security breaches in near real time. The system has been developed using Logical Analysis of Data (LAD), where the attack is detected by monitoring the network traffic. LAD generates positive and negative patterns from historical observations to classify unknown observations. It uses the concepts of partially defined Boolean functions and their extensions to extract patterns for classification. The Information Gain ratio technique is used to produce the support set of features. The proposed technique has an advantage over other techniques in that it can detect anomalous behavior in near real time. The WEKA tool has been used to build the classifiers, and their performance is compared with that of the proposed model. The proposed implementation detects abnormal behaviour significantly better than the LAD-WEKA.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Chauhan, S., Gangopadhyay, S. (2022). Design of Intrusion Detection System Based on Logical Analysis of Data (LAD) Using Information Gain Ratio. In: Dolev, S., Katz, J., Meisels, A. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2022. Lecture Notes in Computer Science, vol 13301. Springer, Cham. https://doi.org/10.1007/978-3-031-07689-3_4
DOI: https://doi.org/10.1007/978-3-031-07689-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07688-6
Online ISBN: 978-3-031-07689-3
eBook Packages: Computer Science, Computer Science (R0)