Intrusion detection using fuzzy association rules

Vulnerabilities in common security components such as firewalls are inevitable. Intrusion Detection Systems (IDS) are used as another wall to protect computer systems and to identify corresponding vulnerabilities. In this paper a novel framework based on data mining techniques is proposed for designing an IDS. In this framework, the classification engine, which is actually the core of the IDS, uses Association Based Classification (ABC). The proposed classification algorithm uses fuzzy association rules for building classifiers. Particularly, the fuzzy association rulesets are exploited as descriptive models of different classes. The compatibility of any new sample (which is to be classified) with different class rulesets is assessed by the use of some matching measures and the class corresponding to the best matched ruleset is declared as the label of the sample. A new method is also proposed to speed up the rule induction algorithm via reducing items that may be included in extracted rules. KDD-99 dataset is used to evaluate the proposed framework. Although results on unseen attacks are not so promising, total detection rate and detection rate of known attacks is significant while false positive rate is kept low. Results are compared with some recent works in the literature using the same dataset. Generally, the proposed approach outperforms other methods, specially in terms of false positive rate.