An Intrusion-Detection Model Based on Fuzzy Class-Association-Rule Mining Using Genetic Network Programming

As the Internet services spread all over the world, many kinds and a large number of security threats are increasing. Therefore, intrusion detection systems, which can effectively detect intrusion accesses, have attracted attention. This paper describes a novel fuzzy class-association-rule mining method based on genetic network programming (GNP) for detecting network intrusions. GNP is an evolutionary optimization technique, which uses directed graph structures instead of strings in genetic algorithm or trees in genetic programming, which leads to enhancing the representation ability with compact programs derived from the reusability of nodes in a graph structure. By combining fuzzy set theory with GNP, the proposed method can deal with the mixed database that contains both discrete and continuous attributes and also extract many important class-association rules that contribute to enhancing detection ability. Therefore, the proposed method can be flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems. Experimental results with KDD99Cup and DARPA98 databases from MIT Lincoln Laboratory show that the proposed method provides competitively high detection rates compared with other machine-learning techniques and GNP with crisp data mining.