A Learnable Anomaly Detection System using Attributional Rules

Full Text (PDF, 437KB), PP.58-64


Author(s)

Abdurrahman A. Nasr 1,*, Mohamed M. Ezz 1, Mohamed Z. Abdulmaged 1

1. Al-Azhar University, System and Computer Engineering Dept., Cairo, 11651, Egypt

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2016.11.07

Received: 4 Mar. 2016 / Revised: 21 Jun. 2016 / Accepted: 25 Aug. 2016 / Published: 8 Nov. 2016

Index Terms

Intrusion detection, Algorithm Quasi-optimal, Attributional rules, Data mining, Incremental learning, Real-time detection

Abstract

Continuously changing networks introduce new attacks, which pose an explicit problem for the security of enterprise resources. There is therefore a real need to build intelligent intrusion detection systems that can learn from network behavior. In this paper, a learnable anomaly intrusion detection system based on attributional rules is presented. This model was chosen because it is expressive and flexible and can operate in noisy and inconsistent environments. The system is a real-time intrusion detector that uses an incremental supervised machine learning technique, namely the Algorithm Quasi-optimal (AQ), which is based on attributional calculus.
Here, an Algorithm Quasi-optimal for Intrusion Detection System (AQ4IDS) is adopted and implemented using attributional rules to discriminate between normal and anomalous network traffic. The behavior of AQ4IDS is tested in order to illustrate its strengths. The experimental results show that the model automatically accommodates new rules from a continuous network stream. Many experiments have verified that AQ4IDS can efficiently discriminate between normal and anomalous network traffic, and that it additionally offers the advantage of detecting novel and zero-day attacks.
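The following is an added illustration of the approach the abstract describes (AQ-style induction of attributional rules with incremental revision); it is not the authors' AQ4IDS implementation and makes no claim about its exact algorithm. The connection records are constructed NSL-KDD-like toy rows with nominal attributes, and the "rate" attribute is an assumed bucketed connection-rate feature. Each rule is a conjunction of selectors [attr = v1 v v2 ...]; a connection is flagged anomalous when any rule covers it. Rules are grown from a seed attack record by starting from the most general complex and narrowing one selector at a time until no known normal record is covered (a beam width of 1 for the AQ "star"), and are revised when a new labelled record arrives: a new attack that no rule covers produces a new rule, and a normal record that a rule fires on narrows or drops that rule.

```python
"""AQ-style attributional-rule learner for anomaly detection (added example).

Not the paper's AQ4IDS code. A rule is a conjunction of selectors
[attr = v1 v v2 ...]; a record is anomalous when any rule covers it.
"""
from collections import defaultdict

# Constructed toy connection records (NSL-KDD-like nominal attributes, not
# real dataset rows). "rate" is an assumed bucketed connection-rate feature.
TRAIN = [
    ({"proto": "tcp",  "service": "http",    "flag": "SF",  "rate": "low"},  "normal"),
    ({"proto": "tcp",  "service": "smtp",    "flag": "SF",  "rate": "low"},  "normal"),
    ({"proto": "udp",  "service": "domain",  "flag": "SF",  "rate": "low"},  "normal"),
    ({"proto": "tcp",  "service": "http",    "flag": "SF",  "rate": "mid"},  "normal"),
    ({"proto": "tcp",  "service": "http",    "flag": "S0",  "rate": "high"}, "anomalous"),
    ({"proto": "tcp",  "service": "telnet",  "flag": "S0",  "rate": "high"}, "anomalous"),
    ({"proto": "tcp",  "service": "private", "flag": "REJ", "rate": "high"}, "anomalous"),
    ({"proto": "icmp", "service": "ecr_i",   "flag": "SF",  "rate": "high"}, "anomalous"),
]


class AQLearner:
    def __init__(self):
        self.domains = defaultdict(set)  # attr -> values seen so far (closed world)
        self.pos, self.neg = [], []      # anomalous / normal records seen
        self.rules = []                  # complexes: {attr: frozenset(values)}

    @staticmethod
    def covers(rule, rec):
        """A complex covers a record when every selector admits its value."""
        return all(rec.get(a) in vals for a, vals in rule.items())

    def _specialize(self, rule, neg, seed, keep):
        """Narrow one selector so `rule` stops covering `neg` (beam width 1):
        choose the attribute whose restriction still covers `seed` (if given)
        and the most records in `keep`. None if no selector can do that."""
        best = None
        for a in list(self.domains):
            allowed = rule.get(a, frozenset(self.domains[a])) - {neg.get(a)}
            if not allowed:
                continue
            cand = dict(rule)
            cand[a] = frozenset(allowed)
            if seed is not None and not self.covers(cand, seed):
                continue
            n = sum(self.covers(cand, r) for r in keep)
            if n and (best is None or n > best[0]):
                best = (n, cand)
        return best[1] if best else None

    def _induce(self, seed, positives):
        """Grow one rule around `seed`: start fully general, then specialize
        against every known normal record the rule still covers."""
        rule = {}
        for neg in self.neg:
            if rule is not None and self.covers(rule, neg):
                rule = self._specialize(rule, neg, seed, positives)
        return rule  # None when the seed is indistinguishable from a normal (noise)

    def classify(self, rec):
        return any(self.covers(r, rec) for r in self.rules)

    def add(self, rec, label):
        """Incremental update with one labelled record from the stream."""
        for a, v in rec.items():
            self.domains[a].add(v)
        if label == "anomalous":
            self.pos.append(rec)
            if not self.classify(rec):          # uncovered attack -> new rule
                rule = self._induce(rec, self.pos)
                if rule is not None:
                    self.rules.append(rule)
            return
        self.neg.append(rec)
        revised = []
        for rule in self.rules:                # rules firing on normal traffic
            if self.covers(rule, rec):         # are narrowed or dropped
                rule = self._specialize(rule, rec, None, self.pos)
            if rule is not None:
                revised.append(rule)
        self.rules = revised
        for p in self.pos:                     # re-cover any orphaned attacks
            if not self.classify(p):
                rule = self._induce(p, self.pos)
                if rule is not None:
                    self.rules.append(rule)

    def learn(self, stream):
        for rec, label in stream:
            self.add(rec, label)

    def describe(self):
        """Render the rules in attributional-calculus style."""
        return [" & ".join(f"[{a} = {' v '.join(sorted(v))}]"
                           for a, v in sorted(r.items())) for r in self.rules]


if __name__ == "__main__":
    learner = AQLearner()
    learner.learn(TRAIN)
    for rule in learner.describe():
        print(rule)
```

Two properties of the abstract's claims show up directly: a rule such as [rate = high] covers a constructed record with a service never seen during training, which is how a rule-based anomaly detector generalizes to novel traffic, and feeding a legitimate high-rate HTTP burst labelled normal narrows that rule instead of requiring a full retrain. The closed-world domain snapshot means a selector only admits values seen when it was built; in deployment that trade-off between coverage and false positives is exactly what the incremental revision step is tuning.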

Cite This Paper

Abdurrahman A. Nasr, Mohamed M. Ezz, Mohamed Z. Abdulmaged, "A Learnable Anomaly Detection System using Attributional Rules", International Journal of Computer Network and Information Security(IJCNIS), Vol.8, No.11, pp.58-64, 2016. DOI:10.5815/ijcnis.2016.11.07

Reference

[1] H.-J. Liao, C.-H. Richard Lin, Y.-C. Lin, and K.-Y. Tung, “Intrusion Detection System: A Comprehensive Review,” J. Netw. Comput. Appl., vol. 36, no. 1, pp. 16–24, Jan. 2013.
[2] W. W. Cohen, “Fast Effective Rule Induction,” in Proceedings of the Twelfth International Conference on Machine Learning, Lake Tahoe, California, 1995.
[3] J. Wojtusiak, R. S. Michalski, K. A. Kaufman, and J. Pietrzykowski, “The AQ21 natural induction program for pattern discovery: initial version and its novel features,” in Tools with Artificial Intelligence, 2006. ICTAI’06. 18th IEEE International Conference on, 2006, pp. 523–526.
[4] J. Wojtusiak, R. S. Michalski, K. A. Kaufman, and J. Pietrzykowski, “Multitype Pattern Discovery via AQ21: A Brief Description of the Method and Its Novel Features,” Reports Mach. Learn. Inference Lab., vol. 1051, pp. 2–6, 2006.
[5] G. Hulten, L. Spencer, and P. Domingos, “Mining time-changing data streams,” in ACM SIGKDD Intl. Conf. on Knowledge Discovery and Data Mining, 2001, pp. 97–106.
[6] J. G. Cleary, L. E. Trigg, et al., “K*: An Instance-based Learner Using an Entropic Distance Measure,” in ICML, 1995, pp. 108–114.
[7] H.-J. Liao, C.-H. Richard Lin, Y.-C. Lin, and K.-Y. Tung, “Intrusion detection system: A comprehensive review,” J. Netw. Comput. Appl., vol. 36, no. 1, pp. 16–24, Jan. 2013.
[8] N. A. Syed, H. Liu, and K. K. Sung, “Handling concept drifts in incremental learning with support vector machines,” in Proceedings of the fifth ACM SIGKDD international conference on Knowledge discovery and data mining - KDD ’99, 1999, pp. 317–321.
[9] B. Xu, T. Yi, F. Wu, and Z. Chen, “An incremental updating algorithm for mining association rules,” J. Electron., vol. 19, no. 4, pp. 403–407, Oct. 2002.
[10] H. Bensefia and N. Ghoualmi, “A New Approach for Adaptive Intrusion Detection,” 2011 Seventh Int. Conf. Comput. Intell. Secur., pp. 983–987, Dec. 2011.
[11] H. Du, S. Teng, M. Yang, and Q. Zhu, “Intrusion detection system based on improved SVM incremental learning,” in Artificial Intelligence and Computational Intelligence, 2009. AICI’09. International Conference on, 2009, vol. 1, pp. 23–28.
[12] X. Yun, L. Zhang, I. Security, and C. Network, “Using Incremental Learning Method For Adaptive Network,” no. August, pp. 18–21, 2005.
[13] A. Nasr, M. Ezz, and M. Abdulmageed, “Use of Decision Trees and Attributional Rules in Incremental Learning of an Intrusion Detection Model,” Int. J. Comput. Networks Commun. Secur. IJCNCS, vol. 2, no. 7, pp. 216–224, 2014.
[14] “The NSL-KDD Data Set.” [Online]. Available: http://nsl.cs.unb.ca/NSL-KDD/. [Accessed: 24-Jun-2014].
[15] M. Salem and U. Buehler, “Mining Techniques in Network Security to Enhance Intrusion Detection Systems,” CoRR, p. 16, Dec. 2012.