A Rough Neuro Data Mining Approach for Network Intrusion Detection

Abstract

Network security is one of the major concerns of modern organizations. Precise and accurate detection of attacks need modern tools which utilize past data and current trends to evaluate the situation under consideration. Data mining techniques like rule induction, neural networks, genetic algorithm, fuzzy logic and rough sets have been used for classification and pattern recognition of attacks. Zhu et al. have compared the different data mining methods in the context of intrusion detection and have shown that rough sets holds an edge over the neural network. In this paper we have shown that genetic algorithm based learning mechanism can improve the performance of neural network. The comparison shows that this method performs as efficiently as the rough set method if not better. But the variance in both these methods is significantly high, which is an undesirable system characteristic. To gain accuracy and precision we propose rough-neuro approach, a robust hybrid technique for intrusion detection. The worst case scenario analysis demonstrates the supremacy of the hybrid approach. Statistical analysis confirms the precision of the hybrid rough-neuro over rough sets and genetic algorithm based neural networks. We have evaluated by comparing against the current best known methods of intrusion detection. The paper goes on to statistically show that there is no significant difference in the average efficiency of these methods. However, the variation of rough-neuro method is significantly less than that of the other two methods at 99% confidence level. The rough neuro method outperforms the other methods with respect to the worst case efficiency and standard deviation and hence should be the chosen one in intrusion detection systems.