A Combined Reasoning System for Knowledge Based Network Intrusion Detection
Published: 2019
Author(s) Name: Meseret Assefa and Million Meshesha
Author(s) Affiliation: Addis Ababa University, Institute of Ethiopian Studies, Ethiopia.
Abstract
In this study, a combination of rule-based reasoning (RBR) and case-based reasoning (CBR) for network intrusion detection is proposed. To this end, knowledge is extracted using data mining from a sampled KDD Cup '99 intrusion data set. Descriptive and predictive models are created using K-means clustering and JRip rule induction, respectively. The descriptive model is used to design the case-based reasoning component and the predictive model to construct the rule-based reasoning component. A conditional combination controls the reasoning between RBR and CBR. In the combined system, the RBR treats a new query first to recommend a solution. If the RBR is unable to recommend one, the query is automatically forwarded to the CBR system, where the case retrieval module identifies the most related solution using a case similarity measure. The combination of rule-based and case-based reasoning methods has shown an average of 9.5% improvement in performance over the individual reasoning methods. As a continuation of the intrusion detection, we are now working towards the development of a combined intrusion detection system that prevents intruders to enhance the performance of the system.
Keywords: Combination of CBR and RBR, Combined intrusion detection, Knowledge-based intrusion detection, Network intrusion detection.
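The conditional combination described in the abstract (RBR first, CBR fallback by case similarity) can be sketched as follows. This is an added example, not the authors' code: the rules, thresholds, case base, value ranges and the normalized-distance similarity measure are all constructed assumptions, and the rule list has no default rule so that RBR can decline.

```python
# Added example: RBR-first detection with CBR fallback (not the paper's code).
# Rules, cases, thresholds and value ranges below are constructed for illustration.

# KDD Cup '99 feature name -> assumed value range used to normalize distances.
FEATURES = {"count": 511.0, "serror_rate": 1.0, "num_failed_logins": 5.0}

# Ordered rules in the style of JRip output, without a default rule.
RULES = [
    (lambda q: q["serror_rate"] >= 0.9 and q["count"] >= 100, "dos"),
    (lambda q: q["num_failed_logins"] >= 3, "r2l"),
    (lambda q: q["serror_rate"] <= 0.05 and q["count"] <= 10, "normal"),
]

# Case base: one representative case per cluster, as a K-means centroid would give.
CASES = [
    ({"count": 250, "serror_rate": 0.95, "num_failed_logins": 0}, "dos"),
    ({"count": 4, "serror_rate": 0.0, "num_failed_logins": 0}, "normal"),
    ({"count": 2, "serror_rate": 0.0, "num_failed_logins": 4}, "r2l"),
    ({"count": 120, "serror_rate": 0.3, "num_failed_logins": 0}, "probe"),
]

def rbr(query):
    """Return the label of the first rule that fires, or None if no rule applies."""
    for condition, label in RULES:
        if condition(query):
            return label
    return None

def similarity(a, b):
    """1 minus the mean range-normalized absolute difference over all features."""
    dist = sum(abs(a[f] - b[f]) / rng for f, rng in FEATURES.items())
    return 1.0 - dist / len(FEATURES)

def cbr(query):
    """Retrieve the most similar stored case; return its label and the similarity."""
    case, label = max(CASES, key=lambda c: similarity(query, c[0]))
    return label, similarity(query, case)

def detect(query):
    """RBR answers first; the query is forwarded to CBR only when RBR declines."""
    label = rbr(query)
    if label is not None:
        return label, "RBR"
    label, _ = cbr(query)
    return label, "CBR"

if __name__ == "__main__":
    for q in ({"count": 300, "serror_rate": 1.0, "num_failed_logins": 0},
              {"count": 150, "serror_rate": 0.4, "num_failed_logins": 0}):
        print(q, "->", detect(q))
```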