Evolving Fuzzy Classifiers for Intrusion Detection

Slides: 22
Provided by: kin133

1
Evolving Fuzzy Classifiers for Intrusion
Detection
  • Jonatan Gomez
  • Dipankar Dasgupta
  • Presented By Sohraab Soltani

2
Intrusion Detection
  • Misuse Detection
  • Use signatures of known intrusions.
  • Low false alarm rate.
  • Unable to detect unknown attacks.
  • Anomaly Detection
  • Builds a profile based on normal system behavior.
  • Labels any behavior that deviates from a normal
    distribution as an anomaly.
  • Able to detect unknown attacks.
  • High false alarm rate.

3
Overview
  • Training Data
  • Find Fuzzy Classifier Rules for normal and abnormal behaviors
  • Label each data point as normal or abnormal
  • Data Flow
  • Trigger an alarm if it is abnormal
4
Fuzzy Logic
  • Classic: an object is entirely in a set or not.
  • Fuzzy: an object can be partially in a set.

5
Fuzzy Operators
6
Fuzzy Rule
  • Rule: IF condition THEN consequence [weight]
  • TV(R) = TV(condition) * weight
  • Example: IF x is HIGH and y is LOW THEN pattern
    is normal [0.4]
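
A minimal evaluation of the rule on this slide, added here as an illustration; it is not code from the presentation or its authors. The fuzzy operators (min, max, 1 - x), the linear LOW/HIGH membership functions, the second rule, the sample records and the highest-TV class prediction are all assumptions.

```python
# Added illustration. Assumed (not on the slides): min/max/1-x operators,
# linear LOW/HIGH memberships on attributes normalized to [0, 1],
# the ABNORMAL rule, the sample records, and highest-TV class prediction.

def low(v):
    return max(0.0, min(1.0, 1.0 - v))

def high(v):
    return max(0.0, min(1.0, v))

SETS = {"LOW": low, "HIGH": high}

def tv(cond, record):
    """Truth value of a condition tree: ("is", attr, set), ("not", c),
    ("and", c1, c2) or ("or", c1, c2)."""
    op = cond[0]
    if op == "is":
        return SETS[cond[2]](record[cond[1]])
    if op == "not":
        return 1.0 - tv(cond[1], record)        # assumed complement
    left, right = tv(cond[1], record), tv(cond[2], record)
    if op == "and":
        return min(left, right)                 # assumed minimum
    if op == "or":
        return max(left, right)                 # assumed maximum
    raise ValueError(f"unknown operator: {op!r}")

def rule_tv(rule, record):
    """TV(R) = TV(condition) * weight, as stated on the slide."""
    cond, _label, weight = rule
    return tv(cond, record) * weight

def classify(rules, record):
    """Label and TV of the rule with the highest truth value (assumed)."""
    best = max(rules, key=lambda r: rule_tv(r, record))
    return best[1], rule_tv(best, record)

# Slide's rule: IF x is HIGH and y is LOW THEN pattern is normal [0.4]
NORMAL = (("and", ("is", "x", "HIGH"), ("is", "y", "LOW")), "normal", 0.4)
# Constructed: IF x is not HIGH or y is HIGH THEN pattern is abnormal [0.9]
ABNORMAL = (("or", ("not", ("is", "x", "HIGH")), ("is", "y", "HIGH")),
            "abnormal", 0.9)
# Constructed records; in the last one the normal condition is truer
# (0.6 vs 0.4) but the rule weights flip the decision to abnormal.
RECORDS = [{"x": 0.9, "y": 0.2}, {"x": 0.3, "y": 0.8}, {"x": 0.6, "y": 0.4}]

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec, classify([NORMAL, ABNORMAL], rec))
```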

7
A Fuzzy Classifier as an Intrusion Detector
8
Class Prediction
9
Steps to generate a fuzzy rule for class k using
GA
10
Representation of the condition part of the fuzzy
rule.
x is C or z is E and w is not D
11
Binary Tree representation
  • Parenthesis-free expression
  • A or B and C and D or E.
  • Represents the logical expression
  • (((A or E) and C) or (B and D))
  • Can also be represented by a complete tree

12
Genetic operators - Crossover
Because the crossover point was selected inside
nodes C and Y, these nodes interchange their
code and create new fuzzy expressions H and M.
13
Genetic operators - Gene addition, deletion
14
Genetic operators - Mutation
15
Fitness Function: Confusion Matrix
16
Fitness Function
17
KDDCUP DATASET
  • duration: continuous.
  • protocol_type: symbolic.
  • service: symbolic.
  • flag: symbolic.
  • src_bytes: continuous.
  • dst_bytes: continuous.
  • land: symbolic.
  • wrong_fragment: continuous.
  • Overall, 41 features plus a class attribute.

18
Experimental Settings
  • Normalize each continuous attribute.
  • A five-fold cross validation.
  • The genetic algorithm was initialized with 200 random
    chromosomes.
  • Length of each chromosome is between one and six.
  • Maximum number of iterations is 200.
  • GA runs 5 times, once for each class.

19
Accuracy
20
ROC Curve
21
Conclusion
  • Curse of Dimensionality
  • As the dimension of the data increases, it
    impacts the performance of the algorithm.
  • Multimodality
  • It may be possible that more than one normal pattern
    exists in a data set.
  • False alarm rate