The International Arab Journal of Information Technology (IAJIT)


An Innovative Two-Stage Fuzzy kNN-DST

 Intrusion detection is the essential part of networ k security in combating against illegal network acc ess or malicious attacks. Due to constantly evolving nature of netwo rk attacks, it has been a technical challenge for an Intrusion Detection System (IDS) to recognize unknown attacks or known attacks with inadequate training data. In this work, an innovative fuzzy classifier is proposed for effectively detecting bo th unknown attacks and known attacks with insuffici ent or inaccurate training information. A Fuzzy C.Means (FCM) algorithm is fir stly employed to softly compute and optimise clustering centers of the training datasets with some degree of fuzziness cou nting for inaccuracy and ambiguity in the training data. Subsequently, a distance.weighted k.Nearest Neighbors (k.NN) classi fier, combined with the Dempster Shafer Theory (DST ) is introduced to assess the belief functions and pignistic probabili ties of the incoming data associated with each of k nown classes. Finally, a two.stage intrusion detection scheme is implemented based on the obtained pignistic probabilities and their entropy function to determine if the input data are normal, one of the known attacks or an unknown attack. The proposed in trusion detection algorithm is evaluated through the application of t he KDD’99 datasets and their variants containing kn own and unknown attacks. The experimental results show that the new algorithm outperforms other intrusion detection algorithms and is especially effective in detecting unknown attacks.  

[1] Altincay H., Ensembling Evidential K-Nearest Neighbor Classifiers Through Multi-Modal Perturbation, Applied Soft Computing , vol. 7, no. 3, pp. 1072-1083, 2007.

[2] Ambwani T., Multi Class Support Vector Machine Implementation to Intrusion Detection, in Proceedings of the International Joint Conference on Neural Networks , pp. 2300- 2305, 2003.

[3] Berardi V. and Zhang G., The Effect of Misclassification Costs on Neural Network Classifiers, Decision Science , vol. 30, no. 3, pp. 659-682, 1999.

[4] Cherkassky V., The Nature of Statistical Learning Theory, IEEE Transactions on Neural Networks , vol. 8, no. 6, pp. 1564-1564, 1997.

[5] De Biasi M., Snickars C., Landernas K., and Isaksson A., Simulation of Process Control With Wireless HART Networks Subject to Packet Losses, in Proceedings of IEEE CASE , Arlington, pp. 548-553, 2008.

[6] De Castro L. and Von Zuben F., Learning And Optimization using the Clonal Selection Principle, IEEE Transactions on Evolutionary Computation , vol. 6, no. 3, pp. 239-251, 2002.

[7] Denatious D. and John A., Survey on Data Mining Techniques to Enhance Intrusion Detection, in Proceedings of International Conference on Computer Communication and Informatics , Coimbatore, pp. 1-5, 2012.

[8] Denoeux T., A K-Nearest Neighbor Classification Rule Based on Dempster-Shafer Theory, IEEE Transactions on Systems, Man, and Cybernetics , vol. 25, no. 5, pp. 804-813, 1995.

[9] Golovko V. and Kochurko P., Intrusion Recognition Using Neural Networks, in Proceedings of Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications , Sofia, pp. 108-111, 2005.

[10] Goyal M., Aggarwal A., and Jain N., Effect of Change in Rate of Genetic Algorithm Operator on Composition of Signatures for Misuse Intrusion Detection System, in Proceedings of the 2 nd IEEE International Conference on Parallel Distributed and Grid Computing , Solan, pp. 669-672, 2012.

[11] Guangyou Y., A Modified Particle Swarm Optimizer Algorithm, in Proceedings of the 8 th International Conference on Electronic Measurement and Instruments , Xi'an, pp. 675- 679, 2007.

[12] Han W., Xiong W., Xiao Y., Ellabidy M., Vasilakos A., and Xiong N., A Class of Non- Statistical Traffic Anomaly Detection in Complex Network Systems, in Proceedings of the 32 nd International Conference on Distributed Computing Systems Workshops , Macau, pp. 640- 646, 2012.

[13] Hofmann A., Schmitz C., and Sick B., Rule Extraction from Neural Networks for Intrusion Detection in Computer Networks, in Proceedings of International Conference on Systems , Man and Cybernetics , pp. 1259-1265, 2003.

[14] Hwang W. and Wen K., Fast kNN Classification Algorithm Based on Partial Distance Search, Electronics Letters , vol. 34, no. 21, pp. 2062- 2063, 1998.

[15] Jiang L., Zhang H., and Cai Z., A Novel Bayes Model: Hidden Na ve Bayes, IEEE Transactions on Knowledge and Data Engineering , vol. 21, no. 10, pp. 1361-1371, 2009.

[16] KDD Cup 1999 Data., available at: p99.html, last visited 2013

[17] Keller J., Gray M., and Givens J., A Fuzzy K- Nearest Neighbor Algorithm, IEEE Transaction System Man, and Cybernetics , vol. 15, no. 4, pp. 580-585, 1985.

[18] Kim D., Nguyen H., and Park J., Genetic Algorithm to Improve SVM based Network Intrusion Detection System, in Proceedings of the 19 th International Conference on Advanced Information Networking and Applications , pp. 155-158, 2005.

[19] Kotsiantis S., Integrating Global and Local Application of Naive Bayes Classifier, International Arab Journal of Information Technology , vol. 11, no. 3, pp. 300-307, 2014.

[20] Lee S. and Heinbuch D., Training a Neural- Network based Intrusion Detector to Recognize Novel Attacks, IEEE Transactions on Systems , Man and Cybernetics, Part A: Systems and Humans , vol. 31, no. 4, pp. 294-299, 2001.

[21] Li H., Wen G., and Cai X., Subspace Local Mean Evidence Classifier, Journal of Computational Information System , vol. 8, pp. 8985-8992, 2012.

[22] Li J., Zhang G., and Gu G., The Research And Implementation of Intelligent Intrusion Detection System Based on Artificial Neural Network, in Proceedings of International Conference on Machine Learning and Cybernetics , pp. 3178- 3182, 2004.

[23] Liu Z., Dezert J., Mercier G., and Pan Q., Belief C-Means: An EXTENSION of Fuzzy C-Means Algorithm in Belief Function Framework , 366 The International Arab Journal of Informa tion Technology, Vol. 13, No. 4, July 2016 Pattern Recognition Letters , vol. 33, no. 3, pp. 291-300, 2012.

[24] Mitchell R. and Chen I., Effect of Intrusion Detection and Response on Reliability of Cyber Physical Systems, IEEE Transactions on Reliability , vol. 62, no. 1, pp. 199-210, 2013.

[25] Mukkamala S., Janoski G., and Sung A., Intrusion detection using neural networks and Support Vector Machines, in Proceedings of International Joint Conference on Neural Networks , Honolulu, pp. 1702-1707, 2002.

[26] Roomi M. and Saranya S., Bayesian Classification of Fabrics using Binary Co- Occurrence Matrix, International Journal of Information Science and Techniques , vol. 2, no. 2, pp. 1-9, 2012.

[27] Setnes M. and Babuska R., Fuzzy relational Classifier Trained by Fuzzy Clustering, IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics, vol. 29, no. 5, pp. 619-625, 1999.

[28] Shafer G., A Mathematical Theory of Evidence , Princeton University Press, 1979.

[29] Shazzad K. and Park J., Optimization of Intrusion Detection through Fast Hybrid Feature Selection, in Proceedings of the 6 th International Conference on Parallel and Distributed Computing Applications and Technologies , pp. 264-267, 2005.

[30] Singh J., Kaur L., and Gupta S., A Cross-Layer Based Intrusion Detection Technique for Wireless Networks, the International Arab Journal of Information Technology , vol. 9, no. 3, pp. 201-207, 2012.

[31] Tadjudin S. and Landgrebe D., A Decision Tree Classifier Design For High-Dimensional Data With Limited Training Samples, in Proceedings of International Geoscience and Remote Sensing Symposium , Lincoln, pp. 790-792, 1996.

[32] Yager R., Generalized Probabilities of Fuzzy Events from Fuzzy Belief Structures, Information Sciences , vol. 28, no. 1, pp. 45-62, 1982. Xueyan Jing currently is a PhD candidate in the Department of Electrical and Computer Engineering at Florida International University, USA. Her research interests include building next-generation tools using data-mining algorithms to detect stealth intruders in networking systems and applications of machine learning techniques in securing wireless networks. Yingtao Bi is a research assistant professor in the Feinberg School of Medicine at Northwestern University, USA. His recent research focuses mainly on developing data- mining algorithms and informatics approaches for solving problems in biology and medicine for cancer treatment. Hai Deng received the PhD degree in Electrical Engineering from University of Texas at Austin in 2000. He has been with Department of Electrical and Computer Engineering at Florida International University, USA since 2009. His research interests include radar sensor networks, MIMO radar, biomedical signal processing and VLSI design.