On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems

Abstract

Security policies of information systems and networks are designed for maintaining the integrity of both the confidentiality and availability of the data for their trusted users. However, a number of malicious users analyze the vulnerabilities of these systems in order to gain unauthorized access or to compromise the quality of service. For this reason, Intrusion Detection Systems have been designed in order to monitor the system and trigger alerts whenever they found a suspicious event.Optimal Intrusion Detection Systems are those that achieve a high attack detection rate together with a small number of false alarms. However, cyber attacks present many different characteristics which make them hard to be properly identified by simple statistical methods. According to this fact, Data Mining techniques, and especially those based in Computational Intelligence, have been used for implementing robust and accuracy Intrusion Detection Systems.In this paper, we consider the use of Genetic Fuzzy Systems within a pairwise learning framework for the development of such a system. The advantages of using this approach are twofold: first, the use of fuzzy sets, and especially linguistic labels, enables a smoother borderline between the concepts, and allows a higher interpretability of the rule set. Second, the divide-and-conquer learning scheme, in which we contrast all possible pair of classes with aims, improves the precision for the rare attack events, as it obtains a better separability between a “normal activity” and the different attack types.The goodness of our methodology is supported by means of a complete experimental study, in which we contrast the quality of our results versus the state-of-the-art of Genetic Fuzzy Systems for intrusion detection and the C4.5 decision tree.