Premium
An efficient class association rule‐pruning method for unified intrusion detection system using genetic algorithm
Author(s) -
Lu Nannan,
Mabu Shingo,
Wang Tuo,
Hirasawa Kotaro
Publication year - 2013
Publication title -
ieej transactions on electrical and electronic engineering
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.254
H-Index - 30
eISSN - 1931-4981
pISSN - 1931-4973
DOI - 10.1002/tee.21836
Subject(s) - pruning , association rule learning , misuse detection , intrusion detection system , anomaly detection , computer science , data mining , matching (statistics) , genetic algorithm , class (philosophy) , degree (music) , algorithm , pattern recognition (psychology) , artificial intelligence , machine learning , anomaly based intrusion detection system , mathematics , statistics , physics , acoustics , agronomy , biology
Genetic network programming (GNP)‐based class association rule mining has been demonstrated to be efficient for misuse and anomaly detection. However, misuse detection is weak in detecting brand new attacks, while anomaly detection has a defect of high positive false rate. In this paper, a unified detection method is proposed to integrate misuse detection and anomaly detection to overcome their disadvantages. In addition, GNP‐based class association rule mining method extracts an overwhelming number of rules which contain much redundant and irrelevant information. Therefore, in this paper, an efficient class association rule‐pruning method is proposed based on matching degree and genetic algorithm (GA). In the first stage, a matching degree‐based method is applied to preprune the rules in order to improve the efficiency of the GA. In the second stage, the GA is implemented to pick up the effective rules among the rules remaining in the first stage. Simulations on KDDCup99 show the high performance of the proposed method. © 2012 Institute of Electrical Engineers of Japan. Published by John Wiley & Sons, Inc.