Intrusion detection using a linguistic hedged fuzzy-XCS classifier system

Abstract

Intrusion detection systems (IDS) are a fundamental defence component in the architecture of the current telecommunication systems. Misuse detection is one of the different approaches to create IDS. It is based on the automatic generation of detection rules from labelled examples. Such examples are either attacks or normal situations. From this perspective the problem can be viewed as a supervised classification one. In this sense, this paper proposes the use of XCS as a classification technique to aid in the tasks of misuse detection in IDS systems. The final proposed XCS variant includes the use of hedged linguistic fuzzy classifiers to allow for interpretability. The use of this linguistic fuzzy approach provides with both the possibility of testing human designed detectors and a posteriori human fine tuning of the models obtained. To evaluate the performance not only several classic classification problems as Wine or Breast Cancer datasets are considered, but also a problem based on real data, the KDD-99. This latter problem, the KDD-99, is a classic in the literature of intrusion systems. It shows that with simple configurations the proposed variant obtains competitive results compared with other techniques shown in the recent literature. It also generates human interpretable knowledge, something very appreciated by security experts. In fact, this effort is integrated into a global detection architecture, where the security administrator is guiding part of the intrusion detection (and prevention) process.