Abstract

Analysis of large-scale traffic dumps in network forensics can be a complex and non-trivial problem. It is an important step in collecting evidence and building threat intelligence to foresee new illegal activities. Machine learning helps by automatically supporting the decisions of the forensics expert. Furthermore, application in live systems may bring additional obstacles related to forensic readiness and knowledge discovery. We believe these can be mitigated by means of Neuro-Fuzzy, a fusion of a human-understandable model and automated data analytics. This method includes optimal unsupervised grouping of samples with a so-called Self-Organizing Feature Map and tuning of fuzzy rules by an Artificial Neural Network. In this work we propose improvements to the method that make it possible to extract fewer fuzzy rules in a faster manner. The new method has two advantages in comparison to the existing one. First, we improve the estimation of fuzzy patches. Second, we use a parameterization that represents the data by incorporating additional ellipse compactness information: from the ellipse rotation and flattening, the membership functions can be derived. To further enhance the generalization of the method, bootstrap aggregation was tested during the grouping phase. Finally, the method has been assessed on an intrusion detection dataset of five million samples, reaching a classification accuracy of 94% using only 12 rules.
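The abstract states that the membership functions of the fuzzy patches are derived from ellipse rotation and flattening. The following added example (written for this page, not code from the paper or its authors) shows one concrete way to do that in two dimensions: each cluster of samples is summarised by its centroid and covariance, the covariance is decomposed in closed form into a rotation angle and two semi-axes (from which the flattening follows), and a Gaussian-shaped elliptical membership function is built on top of that. The sample clusters, the labels `normal` and `scan`, the Gaussian shape of the membership function and the use of the population covariance are all assumptions made for the illustration; the paper's actual patch estimation and rule tuning are not reproduced here.

```python
import math
from dataclasses import dataclass
from typing import List, Sequence, Tuple

Point = Tuple[float, float]


def rotate(p: Point, theta: float) -> Point:
    """Rotate a 2-D point counter-clockwise by theta radians around the origin."""
    c, s = math.cos(theta), math.sin(theta)
    return (p[0] * c - p[1] * s, p[0] * s + p[1] * c)


def covariance2d(points: Sequence[Point]) -> Tuple[Point, float, float, float]:
    """Return the centroid and the population covariance entries (var_x, cov_xy, var_y)."""
    n = len(points)
    mx = sum(p[0] for p in points) / n
    my = sum(p[1] for p in points) / n
    var_x = sum((p[0] - mx) ** 2 for p in points) / n
    var_y = sum((p[1] - my) ** 2 for p in points) / n
    cov_xy = sum((p[0] - mx) * (p[1] - my) for p in points) / n
    return (mx, my), var_x, cov_xy, var_y


@dataclass
class FuzzyPatch:
    """An elliptical fuzzy patch: centre, rotation of the major axis and the two semi-axes
    (one standard deviation each). Assumed parameterisation, not the paper's exact one."""
    label: str
    center: Point
    theta: float   # rotation of the major axis, radians
    major: float   # semi-axis along the major direction
    minor: float   # semi-axis along the minor direction

    @property
    def flattening(self) -> float:
        """Ellipse flattening: 0 for a circle, approaching 1 for a needle-shaped patch."""
        return 1.0 - self.minor / self.major

    @classmethod
    def fit(cls, label: str, points: Sequence[Point]) -> "FuzzyPatch":
        center, a, b, c = covariance2d(points)
        # Closed-form eigen-decomposition of the symmetric 2x2 matrix [[a, b], [b, c]].
        mean = (a + c) / 2.0
        half = math.sqrt(((a - c) / 2.0) ** 2 + b ** 2)
        lam_max, lam_min = mean + half, mean - half
        theta = 0.5 * math.atan2(2.0 * b, a - c)   # angle of the major eigenvector
        # Guard against a degenerate (collinear) cluster so the minor axis never hits zero.
        return cls(label, center, theta, math.sqrt(lam_max), math.sqrt(max(lam_min, 1e-12)))

    def membership(self, p: Point) -> float:
        """Gaussian-shaped membership in [0, 1]: 1 at the centre, decaying with the
        normalised elliptical distance (assumed shape)."""
        u, v = rotate((p[0] - self.center[0], p[1] - self.center[1]), -self.theta)
        d2 = (u / self.major) ** 2 + (v / self.minor) ** 2
        return math.exp(-0.5 * d2)


def classify(p: Point, patches: Sequence[FuzzyPatch]) -> Tuple[str, float]:
    """Winner-takes-all rule: the patch with the highest membership decides the label."""
    best = max(patches, key=lambda fp: fp.membership(p))
    return best.label, best.membership(p)


def make_cluster(center: Point, theta: float, us: List[float], vs: List[float]) -> List[Point]:
    """Constructed cluster: a grid of (u, v) offsets rotated by theta and shifted to center."""
    out: List[Point] = []
    for u in us:
        for v in vs:
            x, y = rotate((u, v), theta)
            out.append((center[0] + x, center[1] + y))
    return out


# Constructed sample data (not from the paper's dataset): a "normal" cluster elongated
# along the 45-degree diagonal and a "scan" cluster elongated along the x axis.
NORMAL = make_cluster((0.0, 0.0), math.pi / 4, [-3, -2, -1, 0, 1, 2, 3], [-0.5, 0.5])
SCAN = make_cluster((10.0, 0.0), 0.0, [-2, -1, 0, 1, 2], [-0.5, 0.5])

PATCHES = [FuzzyPatch.fit("normal", NORMAL), FuzzyPatch.fit("scan", SCAN)]
NORMAL_PATCH, SCAN_PATCH = PATCHES

if __name__ == "__main__":
    for fp in PATCHES:
        print(f"{fp.label}: theta={math.degrees(fp.theta):.1f} deg, "
              f"major={fp.major:.3f}, minor={fp.minor:.3f}, flattening={fp.flattening:.3f}")
    for q in [(1.0, 1.0), (10.5, 0.1), (5.0, 5.0)]:
        print(q, "->", classify(q, PATCHES))
```

For the constructed `normal` cluster the decomposition recovers a 45-degree rotation, semi-axes of 2.0 and 0.5 and thus a flattening of 0.75; a sample displaced by one unit along the major axis keeps a much higher membership than one displaced by the same distance across it, which is exactly the directional information a plain circular (distance-only) patch would lose.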
