Anomaly intrusion detection based on genetic optimization and fuzzy rules mining

Abstract

A genetic-fuzzy rule mining approach applied to anomaly intrusion detection was proposed, with an Agent-based evolutionary computing framework. Due to the exchanging of fuzzy sets information among the fuzzy sets Agents, accurate and interpretable fuzzy IF-THEN rules could be extracted from network traffic data for optimizing the interpretability and improving the compactivity of the fuzzy systems, by using three strategies including fuzzy sets distribution, interpretable regulation and fuzzy rules generation. All the training and testing datasets were based on the KDD CUP 99 intrusion detection benchmark data set. Compared with the current methods, the experimental results show that the proposed approach can provide higher detection accuracy and lower false alarm rate for DoS, Probe and U2R attacks with a slightly poorer performance for R2L attacks.