Journal of Network and Information Security

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

A Combined Reasoning System for Knowledge Based Network Intrusion Detection


Affiliations
1 Addis Ababa University, Institute of Ethiopian Studies, Ethiopia
2 Addis Ababa University, School of Information Science, Ethiopia
     

   Subscribe/Renew Journal


In this study, a combination of rule based and case based reasoning for network intrusion detection is proposed. To this end, knowledge is extracted using data mining from sampled KDDcup‘99 intrusion data set. Both descriptive and predictive models are created using K-means clustering and JRip rule induction respectively. Descriptive model is used to design case-based reasoning and predictive model to construct rule-based reasoning. A conditional combination is used for controlling the reasoning between RBR and CBR. In the combined system, it is the RBR that first treat the new query for recommending a solution. If RBR is unable to recommend, the query is automatically forwarded to the CBR system where the case retrieval module identifies the most related solution using case similarity measure. The combination of rule-based and case-based reasoning methods has shown an average of 9.5% improvement with regards to performance over the individual reasoning methods. As a continuation of the intrusion detection, we are now working towards the development of a combined intrusion detection system that prevents intruders to enhance the performance of the system.

Keywords

Combination of CBR and RBR, Combined Intrusion Detection, Knowledge-Based Intrusion Detection, Network Intrusion Detection.
Subscription Login to verify subscription
User
Notifications
Font Size


  • S. K. Miller, “An introduction to computer security,” IEEE Computer, vol. 38, no. 34, 2001.

  • A. H. Fares, and M. I. Sharawy, “Intrusion detection: Supervised machine learning,” Computing Science and Engineering, vol. 5, no. 4, pp. 305-313, December 2011.

  • A. Usman, H. Sajjad, N. Salman, and U. Obaid, “A survey of intrusion detection and prevention techniques,” International Conference on Information Communication and Management, vol. 16, pp. 23-36, 2011.

  • M. Sumit, M. Mary, J. Anupam, and F. Tim, “A knowledge-based approach to intrusion detection modeling,” in Computer Science and Electrical Engineering, Maryland, pp. 19-30, 2006.

  • D. Hervé, “An introduction to intrusion-detection systems,” in Proceedings of Connect’2000, Zurich, pp. 1-18, IBM Research, IBM Reseach Laboratory, 2002.

  • U. Fayyad, G. Piatetsky-Shapiro, and P. Smyth, “Knowledge discovery and data mining: Towards a unifying framework,” in Knowledge Discovery and Data Mining, California, pp. 82-88, 1996.

  • D. Hassen, “Integrating descriptive modelling with case based reasoning in network intrusion detection,” Machine Learning, School of Information Science: Addis Ababa University, M.Sc. Thesis, 2015.

  • Jaiganesh “Investigation on machine learning algorithms for network intrusion detection system,” Department of Computer Science & Engineering, Manonmaniam Sundaranar University, Ph.D. Dissertation, July 2014.

  • P. Dokas, L. Ertoz, V. Kumar, A. Lazarevic, A. J. Srivastava, and P. N. Tan, “Data mining for network intrusion detection,” IEEE, 1987.

  • Intrusion Detection Systems, 6th ed., New York: Information Assurance Tools Report IATR, 2009.

  • Khandelwal, “Knowledge based systems, problem solving competency and learnability,” Suresh Gyan Vihar University, Department of Computer Science, 2014.

  • H. A. Nguyen, and D. Choi, “Application of data mining to network intrusion detection: Classifier selection model,” in APNOMS, Berlin, pp. 399-408, 2008.

  • M. Abdilkerim, “Towards integrating data mining with knowledge based system: The case of network intrusion detection,” School of Information Science, Addis Ababa University, Addis Ababa, M.Sc. Thesis, 2013.

  • P. Carsten, “Integrating and updating domain knowledge with data mining,” Leipzig Graduate School of Management, vol. 3, pp. 50-62, June 2000.

  • J. Schäfer, “Capture, distribution and evolution of information needs in a process-oriented knowledge management environment,” University of Kaiserslautern, Department of Computer Science, 2003.

  • M. K. Patond, and Deshmukh, “Survey on data mining techniques for intrusion detection system,” International Journal of Research Studies in Science, Engineering and Technology, vol. 1, no. 1, pp. 93-97, 2014.

  • R. Kumar, Research Methodology - A Step-by-Step Guide for Beginners, 2nd ed., Singapore: Sage, 2005.

  • R. S. Engelmore, and E. Feigenbaum, “Japanese technology evaluation center, knowledge based systems in Japan,” 21 March 2009. Available: http://www.wtec.org/loyola/kb/toc.htm

  • A. J. Champandard, “AI depot, Artificial Intelligence,” 23 October 2008. Available: http://aidepot.com/Intro.html

  • J. Prentzas, and I. Hatzilygeroudis, “Categorizing approaches combining rule-based and case-based reasoning,” Expert Systems, vol. 24, no. 2, pp. 97-122, May 2007.

  • A. Bekele, “Integrated case based and rule based reasoning for decision support,” Norwegian University of Science and Technology, Department of Computer and Information Science, M.Sc. Thesis, 2009.

  • T. Dagne, “Constructing predictive model for network intrusion detection,” School of Information Science, Addis Ababa University, Addis Ababa, M.Sc. Thesis, 2012.

  • D. Hassen, “Integrating descriptive modelling with case based reasoning in network intrusion detection,” School of Information Science, Addis Ababa University, M.Sc. Thesis, 2014.

  • L. Wang, and R. Jones, “Big data analytics for network intrusion detection: A survey,” International Journal of Networks and Communications, vol. 7, no. 1, pp. 24-31, 2017. DOI: 10.5923/j.ijnc.20170701.03

  • Jaiganesh, “Investigation on machine learning algorithms for network intrusion detection system,” Department of Computer Science & Engineering, Manonmaniam Sundaranar University, Ph.D. Dissertation, July 2014.

  • K. Khandelwal, and D. P. Sharma, “Hybrid reasoning model for strengthening the problem solving capability of expert systems,” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 4, no. 10, pp. 88-94, 2013.

  • E. L. Rissland, and D. B. Skalak, “Combining case-based and rule-based reasoning: A heuristic approach,” in Eleventh International Joint Conference on Artificial Intelligence (IJCAI’89), pp. 524-530, 1989.

  • D. M. W. Powers, “Evaluation: From precision, recall and F-measure to ROC, informedness, markedness and correlation,” Journal of Machine Learning Technologies, vol. 2, no. 1, pp. 37-63, 2011.


Abstract Views: 198

PDF Views: 0




  • A Combined Reasoning System for Knowledge Based Network Intrusion Detection

Abstract Views: 198  |  PDF Views: 0

Authors

Meseret Assefa
Addis Ababa University, Institute of Ethiopian Studies, Ethiopia
Million Meshesha
Addis Ababa University, School of Information Science, Ethiopia

Abstract


In this study, a combination of rule based and case based reasoning for network intrusion detection is proposed. To this end, knowledge is extracted using data mining from sampled KDDcup‘99 intrusion data set. Both descriptive and predictive models are created using K-means clustering and JRip rule induction respectively. Descriptive model is used to design case-based reasoning and predictive model to construct rule-based reasoning. A conditional combination is used for controlling the reasoning between RBR and CBR. In the combined system, it is the RBR that first treat the new query for recommending a solution. If RBR is unable to recommend, the query is automatically forwarded to the CBR system where the case retrieval module identifies the most related solution using case similarity measure. The combination of rule-based and case-based reasoning methods has shown an average of 9.5% improvement with regards to performance over the individual reasoning methods. As a continuation of the intrusion detection, we are now working towards the development of a combined intrusion detection system that prevents intruders to enhance the performance of the system.

Keywords


Combination of CBR and RBR, Combined Intrusion Detection, Knowledge-Based Intrusion Detection, Network Intrusion Detection.

References