Abstract
Recently there has been much interest in applying data mining to computer network intrusion detection. An accurate network traffic model is important for network stipulation, and significant knowledge is crucial for improving the accuracy of such a model. This paper presents the use of a Frequent Positive and Negative (FPN) itemset approach for network traffic intrusion detection. The FPN approach generates strong positive and negative rules, which produce important knowledge for building an accurate network traffic model. Usually, frequent itemsets are generated based on the frequency of the presence of a particular item or itemset before the relevant rules are generated. In the FPN approach, however, frequent absent itemsets are introduced for negative association rules. The FPN approach has successfully enhanced the accuracy of the network traffic model by identifying volume anomalies. The experiments were performed on network traffic data at the Universiti Kebangsaan Malaysia. We also report experimental results for other algorithms such as Rough Set and Naive Bayes. The results demonstrate that the performance of the FPN approach is comparable with that of other algorithms. Indeed, the FPN approach obtains better results than the other algorithms, indicating that it is a promising approach to solving intrusion detection problems.
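The idea of mining rules from absent as well as present items can be illustrated with a short sketch. This is an added example, not the paper's algorithm (the abstract does not give it): it enumerates candidate rules by brute force, and the feature names, records and thresholds are constructed for illustration.

```python
from itertools import combinations

# Constructed sample: (set of discretised traffic features, label) per flow window.
RECORDS = [
    ({"tcp", "high_volume", "syn_heavy"}, "anomaly"),
    ({"tcp", "high_volume", "syn_heavy"}, "anomaly"),
    ({"udp", "high_volume"}, "anomaly"),
    ({"tcp", "ack_seen"}, "normal"),
    ({"tcp", "ack_seen"}, "normal"),
    ({"udp", "ack_seen"}, "normal"),
    ({"tcp", "ack_seen", "high_volume"}, "normal"),
    ({"tcp", "syn_heavy"}, "anomaly"),
]

def covers(features, literals):
    """A literal (item, True) needs the item present; (item, False) needs it absent."""
    return all((item in features) == present for item, present in literals)

def mine_rules(records, min_support=0.25, min_confidence=0.9, max_len=2):
    """Brute-force search for rules 'literals -> label' over present and absent items.
    Assumption: small feature sets, so no Apriori-style pruning is needed."""
    items = sorted(set().union(*(f for f, _ in records)))
    literals = [(i, p) for i in items for p in (True, False)]
    labels = sorted({lab for _, lab in records})
    n, rules = len(records), []
    for size in range(1, max_len + 1):
        for combo in combinations(literals, size):
            if len({i for i, _ in combo}) < size:  # skip "x and not x"
                continue
            matched = [lab for f, lab in records if covers(f, combo)]
            if not matched:
                continue
            for lab in labels:
                hits = matched.count(lab)
                support, confidence = hits / n, hits / len(matched)
                if support >= min_support and confidence >= min_confidence:
                    rules.append((combo, lab, support, confidence))
    return rules

def classify(features, rules, default="normal"):
    """Label of the highest-confidence (then highest-support) matching rule."""
    matching = [r for r in rules if covers(features, r[0])]
    if not matching:
        return default
    return max(matching, key=lambda r: (r[3], r[2]))[1]
```

On this sample the negative rule "`ack_seen` absent → anomaly" reaches the same support and confidence as the positive rule "`ack_seen` present → normal", so a window that carries none of the positively associated items can still be classified.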
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdul Kadir, A.S., Abu Bakar, A., Hamdan, A.R. (2013). Frequent Positive and Negative Itemsets Approach for Network Intrusion Detection. In: Noah, S.A., et al. Soft Computing Applications and Intelligent Systems. M-CAIT 2013. Communications in Computer and Information Science, vol 378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40567-9_14
DOI: https://doi.org/10.1007/978-3-642-40567-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40566-2
Online ISBN: 978-3-642-40567-9
eBook Packages: Computer Science, Computer Science (R0)