International Journal of Modern Education and Computer Science (IJMECS)
IJMECS Vol. 6, No. 11, 8 Nov. 2014
Cover page and Table of Contents: PDF (size: 1367KB)
A Novel Classification Method Using Hybridization of Fuzzy Clustering and Neural Networks for Intrusion Detection
Full Text (PDF, 1367KB), PP.11-24
Views: 0 Downloads: 0
Author(s)
Saeed Khazaee
1,*
Karim Faez
2
Index Terms
Intrusion detection system, fuzzy clustering, neural network, classification, regression
Abstract
In this paper, a hybrid classifier using fuzzy clustering and several neural networks has been proposed. With using the fuzzy C-means algorithm, training samples will be clustered and the inappropriate data will be detected and moved to another dataset (Removed-Dataset) and used differently in the classification phase. Also, in the proposed method using the membership degree of samples to the clusters, the class of samples will be changed to the fuzzy class. Thus, for example in KDD cup99 dataset, any sample will have 5 membership degrees to classes DoS, Probe, Normal, U2R, and R2L. Afterwards, the neural networks will be trained by new labels then using a combination of regression and classification methods, the hybrid classifier will be created. Also to classify the outlier data, a fuzzy ARTMAP neural network is employed which is a part of the hybrid classifier.
Evaluation of the proposed method is performed by KDDCup99 dataset for intrusion detection and Cambridge datasets for traffic classification problems. Our experimental results indicate that the proposed system has performed better than the previous works in the case of precision, recall and f-value also detection and false alarm rate. Also, ROC curve analysis shows that the proposed hybrid classifier has been better than the famous non-hybrid classifiers.
Cite This Paper
Saeed Khazaee, Karim Faez, "A Novel Classification Method Using Hybridization of Fuzzy Clustering and Neural Networks for Intrusion Detection", International Journal of Modern Education and Computer Science (IJMECS), vol.6, no.11, pp.11-24, 2014. DOI:10.5815/ijmecs.2014.11.02
Reference
[1]Tom Auld, Andrew W. Moore, Stephen F. Gull (2007). “Bayesian Neural Networks for Internet Traffic Classification”, IEEE Transactions On Neural Networks, volume 18, Issue 1, pp. 223-239.
[2]G. Wang, J. Hao, J. Ma and L. Huang (2010). "A new approach to intrusion detection using artificial neural networks and fuzzy clustering", Expert Systems with Applications, Volume 37, Issue 9, pp. 6225-6232.
[3]M. Sheikhan and M. Sharifi Rad,(2010). "Misuse detection based on feature selection by fuzzy association rule mining", World Applied Sciences Journal, 10 (Special Issue of Computer & Electrical Engineering), pp. 32- 40.
[4]S.Y. Wu and E. Yen, (2009). "Data mining-based intrusion detectors", Expert Systems with Applications, Volume 36, Issue 3, Part 1, pp. 5605-5612.
[5]E. Lundin, E. Jonsson, (2000). ” Anomaly-based intrusion detection: privacy concerns and other problems”, Computer Networks 34 (4), pp. 623–640.
[6]C.M. Chen, Y.L. Chen and H.C. Lin, (2010). "An efficient network intrusion detection", Computer Communications, Volume 33, Issue 4, pp. 477-484.
[7]Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grouping. Neural Computing and Applications 21:1185–1190
[8]S.J. Horng, M.Y. Su, Y.H. Chen, T.W. Kao, R.J. Chen, J.L. Lai and C.D. Perkasa, (2011). "A novel intrusion detection system based on hierarchical clustering and support vector machines", Expert Systems with Applications, Volume 38, Issue 1, pp. 306-313.
[9]Saeed Khazaee, Mohammad Saniee Abadeh, (2011). “A Hybrid Model Based on Feature Extraction for Network Intrusion Detection”, Journal of computing, Volume 3, Issue 9, pp.65-72, New York.
[10]Seongjun Shin, Seungmin Lee, Hyunwoo Kim, Sehun Kim, (2013). ” Advanced probabilistic approach for network intrusion forecasting and detection”, Expert Systems with Applications, Volume 40, Issue 1, pp. 315–322.
[11]W. Li, J.L. Wang, Z.H. Tian, T.B. Lu and C. Young, (2009). "Building lightweight intrusion detection system using wrapper-based feature selection mechanisms", Computers & Security, Volume 28, Issue 6, pp. 466-475.
[12]D. Fisch, A. Hofmann and B. Sick, (2010). "On the versatility of radial basis function neural networks: A case study in the field of intrusion detection", Information Sciences, Volume 180, Issue 12, pp. 2421-2439.
[13]M. Saniee Abadeh, J. Habibi and C. Lucas, (2007). "Intrusion detection using a fuzzy genetics-based learning algorithm", Network and Computer Applications, Volume 30, Issue 1, pp. 414-428.
[14]Cannady J. “Artificial neural networks for misuse detection”, (1998). National information systems security conference, p. 368–81.
[15]J. C. Bezdek, "Pattern Recognition with Fuzzy Objective Function Algorithms, (1981)." Plenum, New York.
[16]J.C. Bezdek, R. Ehrlich, W. Full, (1984). "FCM: The fuzzy c-means clustering algorithm", Computers & Geosciences, Volume 10, pp. 191-203.
[17]Rosenblatt, Frank. x., (1961). Principles of Neurodynamics: Perceptrons and the Theory of Brain Mechanisms. Spartan Books, Washington DC.
[18]Rumelhart, David E., Geoffrey E. Hinton, and R. J. Williams, (1986). “Learning Internal Representations by Error Propagation”. David E. Rumelhart, James L. McClelland, and the PDP research group. (editors), Parallel distributed processing: Explorations in the microstructure of cognition, Volume 1: Foundations. MIT Press.
[19]Cybenko, G., (1989).” Approximation by superpositions of a sigmoidal function”, Mathematics of Control, Signals, and Systems, 2(4), 303–314.
[20]G.A. Carpenter, (2003). "Default ARTMAP", In Proceedings of the International Joint Conference on Neural Networks, Volume 2, pp. 1396–1401.
[21]G.A. Carpenter, S. Grossberg, N. Markuzon, J.H. Reynolds, D.B. Rosen, (1992). "Fuzzy ARTMAP: a neural network for incremental supervised learning of analog multidimensional maps", IEEE Transactions on Neural Network, Valume 3, Issue 5, pp. 689-713.
[22]Xu-sheng Gan, Jing-shun Duanmu, Jia-fu Wang, Wei Cong, (2013). “Anomaly intrusion detection based on PLS feature extraction and core vector machine”, Knowledge-Based Systems, Volume 40, pp. 1–6.
[23]Lohr, Sharon L. Sampling, (1999): Design and analysis. Duxbury. ISBN 0-534-35361-4.
[24]H.T. Nguyen, K. Franke and S. Petrovi'c, (2010). "Towards a generic feature-selection measure for intrusion detection", International Conference on Pattern Recognition, ISSN: 1051-4651, pp. 1529-1532.
[25]Zainal, M.A. Maarof and S.M. Shamsuddin, (2007). "Feature selection using Rough-DPSO in anomaly intrusion detection", Lecture Notes in Computer Science, Computational Science and its Applications, Volume 4705, Part I, pp. 512–524.
[26]Porto-D'?az, D. Mart'?nez-Rego, A. Alonso-Betanzos and O. Fontenla-Romero, (2009). "Combining feature selection and local modelling in the KDD Cup 99 dataset", Lecture Notes in Computer Science, Artificial Neural Networks, Volume 5768,pp. 824–833.
[27]John Zhong Lei, Ali A. Ghorbani, (2012). “Improved competitive learning neural networks for network intrusion and fraud detection”, Neurocomputing, Volume 75, Issue 1, Pages 135–145.
[28]MIT Lincoln Laboratory (2000). DARPA intrusion detection scenario specific datasets. <http://www.ll.mit.edu/mission/communications/ist/CST/index.html>.
[29]B. Kavitha, Dr. S. Karthikeyan, P. Sheeba Maybell, (2012). “An ensemble design of intrusion detection system for handling uncertainty using Neutrosophic Logic Classifier”, Knowledge-Based Systems, Volume 28, pp.88- 96.
[30]W. Moore and D. Papagiannaki, (2005). “Toward the accurate identification of network applications,” in Proc. 6th Passive Active Meas. Workshop (PAM), vol. 3431, pp. 41–54.
[31]W. Moore and D. Zuev, (2005). “Internet traffic classification using Bayesian analysis techniques,” in Proc. ACM Sigmetrics, pp. 50–60.
[32]W. Moore and D. Zuev, (2005). Discriminators for use in flow-based classification, Intel Research Tech. Rep.