A Multicriterion Fuzzy Classification Method with Greedy Attribute Selection for Anomaly-based Intrusion Detection

Abstract

Intrusion is widely recognized as a chronic and recurring problem of computer systems’ security with the continual changes and increasing volume of hacking techniques. This paper explores a new countermeasure approach for anomaly-based intrusion detection using a multicriterion fuzzy classification method combined with a greedy attribute selection. The proposed approach has the advantage of dealing with various types of attributes including network traffic basic TCP/IP packet headers, as well as content-based, time-based and host-based attributes. At the same time, to reduce the dimensionality and increase the computational efficiency, the greedy attribute selection algorithm enables it to choose an optimal subset of attributes that is most relevant for detecting intrusive events. The simplicity of the constructed model allows it to be replicated at various network components in emerging open system infrastructures such as sensor networks, wireless ad hoc networks, cloud computing, and smart grids. The proposed approach is evaluated and compared on a commonly-used intrusion detection benchmark dataset. The results show more than 99.9% overall accuracy with high detection rates for various types of intrusions can be achieved with about 26% only of the available attributes.