Improving Intrusion Detection by the Automated Generation of Detection Rules

Rule Based Detection Systems have been successful in preventing attacks on network resources, but suffer a problem in that they are not adaptable in cases where new attacks are made i.e. they need human intervention for investigating new attacks. This paper proposes the creation of a predictive intrusion detection model that is based on usage of classification techniques such as decision tree, Naïve Bayes, neural network, and fuzzy logic to generate new rules. The proposed model in this paper consists of two stages. The first stage uses either a Decision tree (J48 based on C4.5) or Naïve Bayes classifier based on the results obtained in experiments while the second stage is based on a hybrid module that uses both a neural network (MLP) and fuzzy logic. Training and evaluation phases used randomly selected connections in a subset of the KDD’99 intrusion detection data set. A selected set of features has been extracted from those connections using a subset evaluation algorithm. This paper shows how the proposed system has been trained detailing parameters that affect the training process; it also details results obtained in the evaluation process including detection and false positive rates.