A Class Association Rule Based Classifier Using Probability Density Functions for Intrusion Detection Systems

As the number of computer systems connected to the Internet is increasing exponentially, the computer security has become a crucial problem, and many techniques for Intrusion detection have been proposed to detect network attacks efficiently. On the other hand, data mining algorithms based on Genetic Network Programming (GNP) have been proposed and applied to Intrusion detection recently. GNP is a graph-based evolutionary algorithm and can extract many important class association rules by making use of the distinguished representation ability of the graph structure. In this paper, probabilistic classification algorithms based on multi-dimensional probability distribution are proposed and combined with conventional class association rule mining of GNP, and applied to network intrusion detection for the performance evaluation. The proposed classification algorithms are based on 1) one-dimensional probability density functions and 2) a two-dimensional joint probability density function. These functions represent the distribution of normal and intrusion accesses and efficiently classify a new access data into normal, known intrusion or even unknown intrusion. The simulations using KDD99Cup database from MIT Lincoln Laboratory show some advantages of the proposed algorithms over the conventional mean and standard deviation-based method.