Unravelling Network-Based Intrusion Detection: A Neutrosophic Rule Mining and Optimization Framework

  • Conference paper
  • In: Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Abstract

The ever-increasing number of cyber-attacks carried out through the network is a real concern. It is of the utmost importance to reliably detect malicious network traffic, mitigating its impact on business continuity. Rule-based security measures are a very common implementation that aims to protect critical infrastructure assets from cyber threats. However, managing these systems is extremely complicated, as one must identify the attack signatures. This can be relatively easy if the threat is common, but unknown attacks require expert analysis of the network's traffic, which is much more complex. Extracting accurate and comprehensible rules from multiple sources of authentic data is crucial to attaining reliable classification knowledge that can be applied to many real-life scenarios. This paper presents the Rule Generator (RUGE) framework, which automates the rule mining and selection process using a genetic algorithm with a single-valued neutrosophic cross-entropy fitness operator. The capabilities of the developed framework were evaluated on the network traffic flows of the CICIDS2017 dataset. The obtained results show that, in a network-based context, intrusion detection systems may benefit from rule mining to automate the knowledge acquisition process and keep the attack signatures up to date. Moreover, smaller groups of rules can be selected to achieve a good balance between performance and interpretability. Therefore, in the network-based intrusion detection context, optimizing the rules extracted from multiple machine learning models with a genetic algorithm using neutrosophic logic can be significantly advantageous.
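
The selection step the abstract describes, as an added illustration that is not the paper's own code (RUGE's exact rule encoding and fitness are not reproduced on this page): a binary genetic algorithm chooses a subset of candidate flow rules, each subset is scored as a single-valued neutrosophic number (T, I, F), and the fitness is the cross-entropy distance, in the form Ye proposed for single-valued neutrosophic sets, to the ideal detector (1, 0, 0). Everything concrete below is assumed for the example: the flows are a constructed stand-in for a few CICIDS2017 flow features, the eight candidate rules are hand-written stand-ins for rules mined from several ML models, and the encoding T = attack recall, I = share of the pool selected (an interpretability cost), F = false-positive rate is this example's choice.

```python
"""Added illustration, not the paper's code: choosing a small subset of
candidate flow rules with a genetic algorithm whose fitness is a
single-valued neutrosophic (SVN) cross-entropy distance to an ideal detector.
Flows, rules and the (T, I, F) encoding below are constructed assumptions."""
import math
import random
from itertools import product

# Constructed flows: (dst_port, duration_ms, fwd_pkts, bwd_pkts, is_attack),
# a toy stand-in for CICIDS2017 flow features (12 benign, then 10 attacks).
FLOWS = [
    (443, 1200, 12, 30, 0), (80, 800, 8, 15, 0), (443, 9000, 20, 120, 0),
    (80, 15000, 25, 200, 0), (53, 20, 1, 1, 0), (53, 35, 1, 1, 0), (53, 15, 1, 1, 0),
    (22, 300000, 400, 380, 0), (22, 120000, 150, 140, 0), (25, 2500, 10, 8, 0),
    (443, 2000, 6, 9, 0), (123, 50, 1, 1, 0),
    (21, 3, 1, 0, 1), (23, 2, 1, 0, 1), (445, 4, 1, 0, 1), (3389, 3, 1, 0, 1),
    (8080, 2, 1, 0, 1), (80, 90000, 6, 1, 1), (80, 120000, 9, 1, 1),
    (80, 75000, 5, 0, 1), (22, 3000, 40, 30, 1), (22, 4200, 55, 40, 1),
]
# Hand-written candidate pool standing in for rules mined from several ML models:
# some precise, some noisy, some redundant. Each takes (port, duration, fwd, bwd).
RULES = {
    "scan_no_reply":   lambda p, d, f, b: f <= 2 and b == 0,
    "slow_http":       lambda p, d, f, b: p == 80 and d >= 60000 and b <= 1,
    "ssh_burst":       lambda p, d, f, b: p == 22 and f >= 20 and d < 5000,
    "any_http":        lambda p, d, f, b: p == 80,               # also benign web
    "high_port_quiet": lambda p, d, f, b: p >= 1024 and b == 0,  # partial copy of scan rule
    "short_flow":      lambda p, d, f, b: d < 100,               # also DNS/NTP
    "many_fwd":        lambda p, d, f, b: f >= 20,               # also downloads, SSH
    "download_heavy":  lambda p, d, f, b: b >= 50,               # benign only
}
NAMES = list(RULES)
IDEAL = (1.0, 0.0, 0.0)  # every attack caught, nothing indeterminate, no false alarms

def evaluate(chromosome):
    """OR the selected rules over FLOWS and encode the set as an SVN number (T, I, F):
    T = attack recall, I = share of the pool selected, F = false-positive rate."""
    selected = [RULES[n] for n, bit in zip(NAMES, chromosome) if bit]
    tp = fp = fn = tn = 0
    for p, d, f, b, attack in FLOWS:
        fired = any(r(p, d, f, b) for r in selected)
        if attack:
            tp, fn = tp + fired, fn + (not fired)
        else:
            fp, tn = fp + fired, tn + (not fired)
    return (tp / (tp + fn), sum(chromosome) / len(chromosome), fp / (fp + tn))

def _xlogy(x, y):
    return 0.0 if x == 0 else x * math.log(y)  # convention 0*log(0) = 0

def cross_entropy(a, b):
    """SVN cross-entropy E(A, B) of two (T, I, F) triples, in the form Ye gave."""
    total = 0.0
    for x, y in zip(a, b):
        total += _xlogy(x, 2 * x / (x + y)) if x + y else 0.0
        total += _xlogy(1 - x, 2 * (1 - x) / (2 - x - y)) if 2 - x - y else 0.0
    return total

def distance(a, b):
    """Symmetric discrimination D(A, B) = E(A, B) + E(B, A); zero only when a == b."""
    return cross_entropy(a, b) + cross_entropy(b, a)

_cache = {}
def fitness(chromosome):
    """Higher is better: negative distance of the rule set's (T, I, F) to IDEAL."""
    key = tuple(chromosome)
    if key not in _cache:
        _cache[key] = -distance(evaluate(key), IDEAL)
    return _cache[key]

def genetic_search(pop_size=40, generations=60, seed=7):
    """Binary GA over rule subsets: elitism, 3-way tournament selection,
    uniform crossover, per-bit mutation. Returns (chromosome, (T, I, F))."""
    rng = random.Random(seed)
    n = len(NAMES)
    pop = [[rng.randint(0, 1) for _ in range(n)] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        nxt = [pop[0][:], pop[1][:]]  # keep the two best unchanged
        while len(nxt) < pop_size:
            p1 = max(rng.sample(pop, 3), key=fitness)
            p2 = max(rng.sample(pop, 3), key=fitness)
            child = [rng.choice(pair) for pair in zip(p1, p2)]
            nxt.append([bit ^ (rng.random() < 1 / n) for bit in child])
        pop = nxt
    best = max(pop, key=fitness)
    return best, evaluate(best)

def exhaustive_best():
    """Brute force over all 2^n subsets; cheap for a toy pool, used to check the GA."""
    best = max(product((0, 1), repeat=len(NAMES)), key=fitness)
    return list(best), evaluate(best)

def selected_names(chromosome):
    return [n for n, bit in zip(NAMES, chromosome) if bit]

if __name__ == "__main__":
    chrom, (t, i, f) = genetic_search()
    print("GA:", selected_names(chrom), f"recall={t:.2f} fpr={f:.2f} pool_share={i:.3f}")
    print("exhaustive:", selected_names(exhaustive_best()[0]))
```

On this toy pool the optimiser keeps only the three precise rules and drops the noisy, redundant and benign-only ones, which is the "smaller group of rules" trade-off the abstract reports; the exhaustive search is there so the GA result can be checked while the pool is small, something that is no longer possible once rules are mined at scale from real models. Before repeating this on the real CICIDS2017 flows, use a cleaned version of the dataset's labels, since later work documented labelling and flow-extraction errors in the original release, and a fitness built on those labels will simply optimise toward the errors.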



Acknowledgements

The present work was partially supported by the Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the Fundo Europeu de Desenvolvimento Regional (FEDER), within project “Cybers SeC IP” (NORTE-01–0145-FEDER-000044). This work has also received funding from UIDB/00760/2020.

Author information

Corresponding author

Correspondence to Tiago Fontes Dias.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Dias, T.F., Vitorino, J., Fonseca, T., Praça, I., Maia, E., Viamonte, M.J. (2024). Unravelling Network-Based Intrusion Detection: A Neutrosophic Rule Mining and Optimization Framework. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_4

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer Science, Computer Science (R0)
