Entropy Based Fuzzy Rule Weighting for Hierarchical Intrusion Detection

Predicting different behaviors in computer networks is the subject of many data mining researches. Providing a balanced Intrusion Detection System (IDS) that directly addresses the trade-off between the ability to detect new attack types and providing low false detection rate is a fundamental challenge. Many of the proposed methods perform well in one of the two aspects, and concentrate on a subset of system requirements. There are many non-functional requirements for an applicable and practical IDS. The process should be online, incremental and adaptive to ever changing behaviors of normal users and attackers. Moreover providing comprehensive and interactive IDS could both, enhance the performance of the system and extend the knowledge of domain experts.In this paper, we propose a fuzzy rule-based classification system using a hierarchical rule learning method. In each stage of the hierarchy, a set of rules with certain length of antecedent are investigated. A novel rule weighting method, based on the entropy measure, determines the appropriateness of each rule. The experimental results on KDD99 intrusion detection dataset show the effectiveness of the proposed method in tackling the tradeoff between accuracy and comprehensibility of fuzzy rule-based systems. Although the dimension of antecedents is not limited, the resultant rule-base contains a small number of complex rules, which are essential to reach the desired accuracy.