
A Combined Reasoning System for Knowledge Based Network Intrusion Detection


Affiliations
1 Addis Ababa University, Institute of Ethiopian Studies, Ethiopia
2 Addis Ababa University, School of Information Science, Ethiopia
     



In this study, a combination of rule-based and case-based reasoning for network intrusion detection is proposed. To this end, knowledge is extracted using data mining from a sampled KDD Cup '99 intrusion data set. Descriptive and predictive models are created using K-means clustering and JRip rule induction, respectively. The descriptive model is used to design the case-based reasoning (CBR) component and the predictive model to construct the rule-based reasoning (RBR) component. A conditional combination controls the reasoning between RBR and CBR. In the combined system, the RBR first treats the new query to recommend a solution. If the RBR is unable to recommend one, the query is automatically forwarded to the CBR system, where the case retrieval module identifies the most related solution using a case similarity measure. The combination of rule-based and case-based reasoning methods has shown an average of 9.5% improvement with regard to performance over the individual reasoning methods. As a continuation of the intrusion detection, we are now working towards the development of a combined intrusion detection system that prevents intruders to enhance the performance of the system.

Keywords

Combination of CBR and RBR, Combined Intrusion Detection, Knowledge-Based Intrusion Detection, Network Intrusion Detection.
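
The conditional RBR-then-CBR control flow described in the abstract, sketched as an added example that is not the authors' code. The rules, case base, numeric ranges, similarity formula and sample queries are all constructed for illustration; only the attribute names and class labels follow the KDD Cup '99 data set.

```python
# Added illustration: rule-first, case-fallback classification.
# Constructed rules in the style of JRip output (thresholds are assumptions).
RULES = [
    (lambda r: r["flag"] == "S0" and r["count"] > 100, "dos"),
    (lambda r: r["service"] == "ecr_i" and r["src_bytes"] > 1000, "dos"),
    (lambda r: r["service"] == "http" and r["flag"] == "SF"
               and r["num_failed_logins"] == 0 and r["count"] < 20, "normal"),
]

# Constructed case base standing in for K-means cluster representatives.
CASES = [
    ({"protocol_type": "tcp", "service": "private", "flag": "REJ",
      "src_bytes": 0, "count": 150, "num_failed_logins": 0}, "probe"),
    ({"protocol_type": "tcp", "service": "ftp", "flag": "SF",
      "src_bytes": 250, "count": 1, "num_failed_logins": 4}, "r2l"),
    ({"protocol_type": "tcp", "service": "http", "flag": "SF",
      "src_bytes": 200, "count": 5, "num_failed_logins": 0}, "normal"),
]
# Assumed value ranges used to scale numeric differences into [0, 1].
NUMERIC_RANGE = {"src_bytes": 5000, "count": 511, "num_failed_logins": 5}

def rbr(record):
    """Return the label of the first matching rule, or None if no rule fires."""
    return next((label for pred, label in RULES if pred(record)), None)

def similarity(query, case):
    """Mean per-attribute similarity: exact match for nominal, scaled distance for numeric."""
    total = 0.0
    for name, value in case.items():
        if name in NUMERIC_RANGE:
            total += 1.0 - min(abs(query[name] - value) / NUMERIC_RANGE[name], 1.0)
        else:
            total += 1.0 if query[name] == value else 0.0
    return total / len(case)

def classify(record):
    """RBR answers first; only an unanswered query is forwarded to case retrieval."""
    label = rbr(record)
    if label is not None:
        return label, "RBR", None
    case, label = max(CASES, key=lambda c: similarity(record, c[0]))
    return label, "CBR", similarity(record, case)

# Constructed queries: the first matches a rule, the second matches none.
QUERY_RULE_HIT = {"protocol_type": "tcp", "service": "private", "flag": "S0",
                  "src_bytes": 0, "count": 200, "num_failed_logins": 0}
QUERY_RULE_MISS = {"protocol_type": "tcp", "service": "ftp", "flag": "SF",
                   "src_bytes": 300, "count": 2, "num_failed_logins": 3}
```

Returning the engine name and the similarity score alongside the label lets an analyst see which verdicts came from retrieval and how close the nearest case was.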

Authors

Meseret Assefa
Addis Ababa University, Institute of Ethiopian Studies, Ethiopia
Million Meshesha
Addis Ababa University, School of Information Science, Ethiopia

