Genetic-fuzzy rule mining approach and evaluation of feature selection techniques for anomaly intrusion detection

Chi-Ho TSANG, Sam KWONG, Hanli WANG

Research output: Journal Publications, Journal Article (refereed), peer-review

209 Citations (Scopus)

Abstract

Classification of intrusion attacks and normal network traffic is a challenging and critical problem in pattern recognition and network security. In this paper, we present a novel intrusion detection approach to extract both accurate and interpretable fuzzy IF-THEN rules from network traffic data for classification. The proposed fuzzy rule-based system is evolved from an agent-based evolutionary framework and multi-objective optimization. In addition, the proposed system can also act as a genetic feature selection wrapper to search for an optimal feature subset for dimensionality reduction. To evaluate the classification and feature selection performance of our approach, it is compared with some well-known classifiers as well as feature selection filters and wrappers. The extensive experimental results on the KDD-Cup99 intrusion detection benchmark data set demonstrate that the proposed approach produces interpretable fuzzy systems, and outperforms other classifiers and wrappers by providing the highest detection accuracy for intrusion attacks and a low false alarm rate for normal network traffic with a minimized number of features. © 2007 Pattern Recognition Society.
Original language: English
Pages (from-to): 2373-2391
Journal: Pattern Recognition
Volume: 40
Issue number: 9
Publication status: Published - Sept 2007
Externally published: Yes

Bibliographical note

The work described in this paper was supported by a grant from City University Strategic Grant 7001955.

Keywords

  • Feature selection
  • Fuzzy classifier
  • Genetic algorithms
  • Intrusion detection
  • Multi-objective optimization
