A Hybrid Intrusion Detection Technique using Fuzzy Association Rules
Date Issued
2015
Date
2015
Author(s)
Chen, Po-Ting
Abstract
Intrusion detection includes both misuse detection and anomaly detection. Misuse detection concerns the detection of known attacks, while anomaly detection concerns the detection of attacks that might be unknown. It is important for an intrusion detection system to be able to detect both misuse and anomaly situations. This thesis presents an intrusion detection system (IDS) whose architecture can achieve both misuse detection and anomaly detection. The goal of misuse detection is to achieve higher accuracy, and the goal of anomaly detection is to detect unknown attacks. The rule files can be edited and added to in order to modify or expand the functionality. In this study, we use fuzzy association rule mining to automatically generate rule files for the IDS. The KDD Cup 99 dataset and our own dataset are used for assessment and analysis. On the KDD Cup 99 dataset, the detection rate of misuse detection reaches almost 97.4%, and the detection rate of anomaly detection reaches 95% with a false positive rate of 0%. On our own dataset, the detection rate is 95% and the false positive rate is 10%.
Subjects
computer security
intrusion detection system
Type
thesis
