Intrusion detection using a fuzzy genetics-based learning algorithm

Abstract

Fuzzy systems have demonstrated their ability to solve different kinds of problems in various applications domains. Currently, there is an increasing interest to augment fuzzy systems with learning and adaptation capabilities. Two of the most successful approaches to hybridize fuzzy systems with learning and adaptation methods have been made in the realm of soft computing. Neural fuzzy systems and genetic fuzzy systems hybridize the approximate reasoning method of fuzzy systems with the learning capabilities of neural networks and evolutionary algorithms. The objective of this paper is to describe a fuzzy genetics-based learning algorithm and discuss its usage to detect intrusion in a computer network. Experiments were performed with DARPA data sets [KDD-cup data set. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html], which have information on computer networks, during normal behaviour and intrusive behaviour. This paper presents some results and reports the performance of generated fuzzy rules in detecting intrusion in a computer network.

Introduction

The number of intrusions into computer systems is growing. The reason is that new automated hacking tools are appearing every day, and these tools along with various system vulnerability information are easily available on the web. The problem of intrusion detection has been studied extensively in computer security (Heady et al.; Amoroso, 1999; Allen et al., 1999; Axelsson, 2000), and has received a lot of attention in machine learning and data mining (Sundar et al., 1998; Crosbie, 1995; Lee et al., 1998). Basically, there are two models of intrusion detection (Axelsson, 2000): Anomaly Detection: This model first builds the normal profile that contains metrics derived from the system operation. While monitoring the system, current observation is compared with the normal profile in order to detect changes in the patterns of utilization or behaviour of the system. Signature or Misuse Detection: This technique relies on patterns of known intrusions to match and identify intrusions. In this case, the intrusion detection problem is a classification problem.

The technique which we have used to detect intrusion in a computer network is based on fuzzy genetic learning. Fuzzy systems based on fuzzy if-rules have been successfully used in many applications areas (Sugeno, 1985; Lee, 1990). Fuzzy if–then rules were traditionally gained from human experts. Recently, various methods have been suggested for automatically generating and adjusting fuzzy if–then rules without using the aid of human experts (Wangm and Mendel, 1992; Ishibuchi et al., 1992; Abe and Lan, 1995; Mitra and Pal, 1994). Genetic algorithms (Holland, 1975; Goldberg, 1989) have been used as rule generation and optimization tools in the design of fuzzy rule-based systems (Ishibuchi et al., 1999; Herrera and Verdegay, 1995; Carse et al., 1996; Valenzuela-Rendon, 1991; Ishibuchi et al., 1995; Ishibuchi and Nakashima, 1999). Those GA-based studies on the design of fuzzy rule-based systems are usually referred to as fuzzy genetics-based machine learning methods (fuzzy GBML methods), each of which can be classified into the Pittsburgh or Michigan approach as non-fuzzy GMBL methods. Many fuzzy GMBL methods (Ishibuchi et al., 1999; Herrera and Verdegay, 1995; Carse et al., 1996) are categorized as the Pittsburgh approach (Smith, 1980) where a set of fuzzy if–then rules is coded as an individual. Some studies (Valenzuela-Rendon, 1991; Ishibuchi et al., 1995; Ishibuchi and Nakashima, 1999) are categorized as the Michigan approach (i.e., classifier systems Holland, 1975; Goldberg, 1989; Booker et al., 1989) where a single fuzzy if–then rule is coded as an individual. In this paper we have used the Michigan approach (Fig. 1) to detect intrusion in a computer network.

This paper is organized as follows: First we discuss intrusion detection and the data set which we have used to test the presented learning algorithm. In the next section we propose the fuzzy genetics-based learning algorithm. The following section will discuss the experimental results which we have obtained. In the last section of the paper we derive some conclusions.