Abstract
Security in computer networks is an active research field since traditional approaches (e.g., access control, encryption, firewalls) are unable to completely protect networks from attacks and malware. That is why Intrusion Detection Systems (IDS) have become an essential component of security infrastructure to detect these threats before they inflict widespread damage. Concisely, network intrusion detection is essentially a pattern recognition problem in which network traffic patterns are classified as either normal or abnormal. Several Computational Intelligence (CI) methods have been proposed to solve this challenging problem, including fuzzy sets, swarm intelligence, artificial neural networks and evolutionary computation. Despite the relative success of such methods, the complexity of the classification task associated with intrusion detection demands more effective models. On the other hand, there are scenarios where identifying abnormal patterns could be a challenge as the collected data is still permeated with uncertainty. In this chapter, we tackle the network intrusion detection problem from a classification angle by using a recently proposed granular model named Rough Cognitive Networks (RCN). An RCN is a fuzzy cognitive map that leans upon rough set theory to define its topological constructs. An optimization-based learning mechanism for RCNs is also introduced. The empirical evidence indicates that the RCN is a suitable approach for detecting abnormal traffic patterns in computer networks.
© 2016 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Nápoles, G., Grau, I., Falcon, R., Bello, R., Vanhoof, K. (2016). A Granular Intrusion Detection System Using Rough Cognitive Networks. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H. (eds) Recent Advances in Computational Intelligence in Defense and Security. Studies in Computational Intelligence, vol 621. Springer, Cham. https://doi.org/10.1007/978-3-319-26450-9_7
DOI: https://doi.org/10.1007/978-3-319-26450-9_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26448-6
Online ISBN: 978-3-319-26450-9
eBook Packages: Engineering, Engineering (R0)