Rule Mining Using Particle Swarm Optimization for Intrusion Detection Systems

Abstract

Traditional data mining techniques are commonly used to build the Intrusion Detection Systems IDSs. They are designed on the basis of some probabilistic methods that still do not take into account some of the important properties of each feature in the dataset. We believe that each feature in the dataset has its own crucial role for its characteristics, which should be taken into consideration. In this work, instead of using the traditional technique or applying feature selection methods we proposed max and min boundary mining approach to solve Anomaly Intrusion Detection System AIDS problem. The main idea of the proposed method is to handle each feature in the dataset independently extracting two important properties represented by max-boundary and min-boundary. First, Particle Swarm Optimization PSO is used to search for the optimal max and min boundary for each feature in each class from the train data set. Second, the generated max and min boundaries are used as detection rules in order to detect anomalies from normal behavior using test dataset. KDD Cup 99 and the new version of KDD Cup 99 called NSL-KDD datasets are used to test the proposed model and its performance is compared with four well-known techniques such as J48, Naïve Bayes, PART and SMO. In addition, performance is also compared with some recent work. Experiment results show that the proposed model is outperformed all other algorithms in all terms (true positive rate, false positive rate, f-measure, Recall, Precision, MCC and AUC).