Abstract
Intrusion detection systems monitor a network in order to find and prevent anomalous events. In particular, we focus on misuse detection systems, which are trained to identify several known types of attacks. These can be unauthorized accesses or denial of service attacks, among others. Whenever such a system finds a trace of a suspicious event, it is programmed to trigger an alert and/or to block this dangerous access to the system. Depending on the security policies of the network, the administrator may have different requirements, which depend strongly on the behavior of the intrusion detection system. For a given application, the cost of raising false alarms could be higher than that of carrying out a preventive access lock. In other scenarios, it may be necessary to correctly identify the exact type of cyber attack in order to respond in a given way. In this paper, we propose a multi-objective evolutionary fuzzy system for the development of a system that can be trained using different metrics. By increasing the search space during the optimization of the model, more accurate solutions are expected to be obtained. Additionally, this scheme allows the final user to decide, among a broad set of solutions, which one is better suited to the current network characteristics. Our experimental results, using the well-known KDDCup’99 problem, support the quality of this novel approach in contrast to the state-of-the-art for evolutionary fuzzy systems in intrusion detection, as well as the C4.5 decision tree.
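The trade-off the abstract describes can be made concrete with a small added example (not code from the paper, and not its evolutionary algorithm): given several trained detectors, keep only the non-dominated ones and let the administrator's policy choose among them. The two objectives (detection rate, false-alarm rate), the candidate names and the confusion-matrix counts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    name: str
    tp: int  # attacks flagged
    fn: int  # attacks missed
    fp: int  # normal connections flagged (false alarms)
    tn: int  # normal connections passed

    @property
    def detection_rate(self):
        return self.tp / (self.tp + self.fn)

    @property
    def false_alarm_rate(self):
        return self.fp / (self.fp + self.tn)

def dominates(a, b):
    """a dominates b: no worse on both objectives, strictly better on one."""
    no_worse = (a.detection_rate >= b.detection_rate
                and a.false_alarm_rate <= b.false_alarm_rate)
    better = (a.detection_rate > b.detection_rate
              or a.false_alarm_rate < b.false_alarm_rate)
    return no_worse and better

def pareto_front(cands):
    """Solutions that no other candidate dominates."""
    return [c for c in cands if not any(dominates(o, c) for o in cands)]

def pick(front, max_false_alarm_rate):
    """Policy: best detection rate within the false-alarm budget, else None."""
    ok = [c for c in front if c.false_alarm_rate <= max_false_alarm_rate]
    return max(ok, key=lambda c: c.detection_rate) if ok else None

# Constructed evaluation: 1000 attack and 9000 normal connections per detector.
CANDIDATES = [
    Candidate("A", 990, 10, 450, 8550),   # aggressive: many false alarms
    Candidate("B", 950, 50, 90, 8910),    # balanced
    Candidate("C", 900, 100, 180, 8820),  # worse than B on both objectives
    Candidate("D", 800, 200, 9, 8991),    # conservative: very few false alarms
]

if __name__ == "__main__":
    front = pareto_front(CANDIDATES)
    for budget in (0.10, 0.02, 0.005, 0.0005):
        chosen = pick(front, budget)
        print(budget, chosen.name if chosen else "no solution in budget")
```

A budget that no solution on the front satisfies returns `None`, which signals that the policy has to be relaxed or the model retrained.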
Acknowledgements
This paper was funded by King Abdulaziz University, under Grant HiCi. The authors, therefore, acknowledge technical and financial support of KAU.
Ethics declarations
Conflict of interest
None
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Additional information
Communicated by V. Loia.
Cite this article
Elhag, S., Fernández, A., Altalhi, A. et al. A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems. Soft Comput 23, 1321–1336 (2019). https://doi.org/10.1007/s00500-017-2856-4