Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base

  • Zhang, Bang-Cheng (School of Mechatronic Engineering, Changchun University of Technology)
  • Hu, Guan-Yu (School of Information Science and Technology, Hainan Normal University)
  • Zhou, Zhi-Jie (High-Tech Institute of Xi'an)
  • Zhang, You-Min (Department of Information and Control Engineering, Xi'an University of Technology)
  • Qiao, Pei-Li (School of Computer Science and Technology, Harbin University of Science and Technology)
  • Chang, Lei-Lei (High-Tech Institute of Xi'an)
  • Received : 2016.05.12
  • Accepted : 2017.05.08
  • Published : 2017.08.01

Abstract

Intrusion detection is very important for network situation awareness. While a few methods have been proposed to detect network intrusion, they cannot directly and effectively utilize semi-quantitative information consisting of expert knowledge and quantitative data. Hence, this paper proposes a new detection model based on a directed acyclic graph (DAG) and a belief rule base (BRB). In the proposed model, called DAG-BRB, the DAG is employed to construct a multi-layered BRB model that avoids the combinatorial explosion in the number of rules caused by the large number of intrusion types. To obtain the optimal parameters of the DAG-BRB model, an improved constrained covariance matrix adaptation evolution strategy (CMA-ES) is developed that can effectively solve the constraint problem in the BRB. A case study was used to test the efficiency of the proposed DAG-BRB. The results showed that, compared with other detection models, the DAG-BRB model has a higher detection rate and can be used in real networks.

Cited by

  1. Key Feature Recognition Algorithm of Network Intrusion Signal Based on Neural Network and Support Vector Machine vol.11, pp.3, 2019, https://doi.org/10.3390/sym11030380
  2. Online updating belief-rule-base using Bayesian estimation vol.171, 2017, https://doi.org/10.1016/j.knosys.2019.02.007
  3. A semantic approach to improving machine readability of a large-scale attack graph vol.75, pp.6, 2017, https://doi.org/10.1007/s11227-018-2394-6
  4. Health condition estimation of spacecraft key components using belief rule base vol.15, pp.8, 2017, https://doi.org/10.1080/17517575.2019.1670361
  5. AutoBRB: An automated belief rule base model for pathologic complete response prediction in gastric cancer vol.140, 2017, https://doi.org/10.1016/j.compbiomed.2021.105104