Authors : Hayri Sever and Ahmed Nasser
Abstract: Intrusion detection is considered as a remarkable approach used in network and computer security. In this study, we proposed a host based IDS architecture that exploits the adaptive aspect of machine learning mechanisms and rough set theory. The proposed IDS architecture involves using new feature extraction method based on statistical measures which generate a training dataset with less feature space compared to the ones generated by traditional methods used in literature. The proposed IDS architecture also utilizes the principles of rough set theory in term of attribute reduction techniques. Two variations of rough set attribute reduction (Crisp and fuzzy) are considered to reduce the feature space by removing redundant and irrelative attributes which leads to improving the system performance. Rough Set Classification (RSC) approach is used to generate the IDS decision model by taking the form of “IF-THEN” rules using MODLEM rule induction algorithm. Our test and comparison of RSC with four standard classification methods showed that the RSC yielded highly accurate results in the term of F-score. The test experiments also show the impact of the attribute reduction method on increasing the classification accuracy.
Hayri Sever and Ahmed Nasser, 2019. Host-Based Intrusion Detection Architecture Based on Rough Set Theory and Machine Learning. Journal of Engineering and Applied Sciences, 14: 415-422.