A Granular Intrusion Detection System Using Rough Cognitive Networks

Recent Advances in Computational Intelligence in Defense and Security

Part of the book series: Studies in Computational Intelligence (SCI, volume 621)

Abstract

Security in computer networks is an active research field since traditional approaches (e.g., access control, encryption, firewalls) are unable to completely protect networks from attacks and malware. That is why Intrusion Detection Systems (IDS) have become an essential component of security infrastructure to detect these threats before they inflict widespread damage. Concisely, network intrusion detection is essentially a pattern recognition problem in which network traffic patterns are classified as either normal or abnormal. Several Computational Intelligence (CI) methods have been proposed to solve this challenging problem, including fuzzy sets, swarm intelligence, artificial neural networks and evolutionary computation. Despite the relative success of such methods, the complexity of the classification task associated with intrusion detection demands more effective models. On the other hand, there are scenarios where identifying abnormal patterns could be a challenge as the collected data is still permeated with uncertainty. In this chapter, we tackle the network intrusion detection problem from a classification angle by using a recently proposed granular model named Rough Cognitive Networks (RCN). An RCN is a fuzzy cognitive map that leans upon rough set theory to define its topological constructs. An optimization-based learning mechanism for RCNs is also introduced. The empirical evidence indicates that the RCN is a suitable approach for detecting abnormal traffic patterns in computer networks.

Corresponding author

Correspondence to Rafael Falcon.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Nápoles, G., Grau, I., Falcon, R., Bello, R., Vanhoof, K. (2016). A Granular Intrusion Detection System Using Rough Cognitive Networks. In: Abielmona, R., Falcon, R., Zincir-Heywood, N., Abbass, H. (eds) Recent Advances in Computational Intelligence in Defense and Security. Studies in Computational Intelligence, vol 621. Springer, Cham. https://doi.org/10.1007/978-3-319-26450-9_7

  • DOI: https://doi.org/10.1007/978-3-319-26450-9_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26448-6

  • Online ISBN: 978-3-319-26450-9

  • eBook Packages: Engineering, Engineering (R0)
