Intrusion detection using a linguistic hedged fuzzy-XCS classifier system

  • Focus
Soft Computing

Abstract

Intrusion detection systems (IDS) are a fundamental defence component in the architecture of current telecommunication systems. Misuse detection is one of the approaches to building an IDS. It is based on the automatic generation of detection rules from labelled examples, each of which is either an attack or a normal situation. From this perspective the problem can be viewed as one of supervised classification. Accordingly, this paper proposes the use of XCS as a classification technique to aid misuse detection in IDS. The final proposed XCS variant uses hedged linguistic fuzzy classifiers to allow for interpretability. This linguistic fuzzy approach makes it possible both to test human-designed detectors and to fine-tune the obtained models by hand a posteriori. To evaluate performance, not only several classic classification problems, such as the Wine and Breast Cancer datasets, are considered, but also a problem based on real data, the KDD-99, which is a classic in the literature on intrusion detection systems. The evaluation shows that with simple configurations the proposed variant obtains competitive results compared with other techniques in the recent literature. It also generates human-interpretable knowledge, something much appreciated by security experts. In fact, this effort is integrated into a global detection architecture, where the security administrator guides part of the intrusion detection (and prevention) process.



Author information

Corresponding author

Correspondence to Javier G. Marín-Blázquez.


About this article

Cite this article

Marín-Blázquez, J.G., Martínez Pérez, G. Intrusion detection using a linguistic hedged fuzzy-XCS classifier system. Soft Comput 13, 273–290 (2009). https://doi.org/10.1007/s00500-008-0322-z


  • DOI: https://doi.org/10.1007/s00500-008-0322-z
