Intrusion detection method based on variable precision covering rough set

doi:10.11772/j.issn.1001-9081.2020060918

Journal of Computer Applications ›› 2020, Vol. 40 ›› Issue (12): 3465-3470.DOI: 10.11772/j.issn.1001-9081.2020060918

• 2020 China Conference on Granular Computing and Knowledge Discovery（CGCKD 2020） • Previous Articles Next Articles

Intrusion detection method based on variable precision covering rough set

OU Binli¹, ZHONG Xiaru¹, DAI Jianhua², YANG Tian²

1. School of Logistics and Transportation, Central South University of Forestry and Technology, Changsha Hunan 410004, China;
2. Hunan Provincial Key Laboratory of Intelligent Computing and Language Information Processing;(Hunan Normal University), Changsha Hunan 410081, China

Received:2020-06-12 Revised:2020-08-25 Online:2020-12-10 Published:2020-10-20
Supported by:
This work is partially supported by the National Natural Science Foundation of China （11201490， 61976089）， the China Postdoctoral Science Foundation （2017T100795）， the Natural Science Foundation of Hunan Province （2017JJ2408）， the Key Research and Development Program of Hunan Province （2018SK2129）， the Training Program for Excellent Young Innovators of Changsha （kq1905031）.

基于变精度覆盖粗糙集的入侵检测方法

欧彬利¹, 钟夏汝¹, 代建华², 杨田²

1. 中南林业科技大学物流与交通学院, 长沙 410004;
2. 智能计算与语言信息处理湖南省重点实验室(湖南师范大学), 长沙 410081

通讯作者: 杨田(1984-),女,湖北荆门人,副教授,博士,CCF会员,主要研究方向:粒计算、人工智能、数据挖掘。math_yangtian@126.com
作者简介:欧彬利(1993-),女,湖南永州人,硕士研究生,主要研究方向:粒计算、人工智能;钟夏汝(1994-),女,湖南常德人,硕士研究生,主要研究方向:粗糙集、数据挖掘;代建华(1977-),男,湖北荆州人,教授,博士,CCF会员,主要研究方向:粒计算、人工智能、数据挖掘
基金资助:
国家自然科学基金资助项目（11201490，61976089）；中国博士后科学基金资助项目（2017T100795）；湖南省自然科学基金资助项目（2017JJ2408）；湖南省重点研发计划项目（2018SK2129）；长沙市杰出创新青年培养计划项目（kq1905031）。

Abstract

Abstract: It is an important task for an Intrusion Detection System (IDS) to identify abnormal user behaviors accurately and quickly. In order to solve the problems of high dimensionality and large sample size of intrusion detection data, a related family attribute reduction method based on variable precision covering rough set was proposed, and was applied to the intrusion detection data. Firstly, the variable precision related families with condition attributes were generated based on the covering decision table. Then, a heuristic algorithm was used to obtain the attribute reduction of the decision table based on all the variable precision related families with condition attributes. Finally, the intrusion detection data was detected by combining with the classifier on the above basis. Experimental results show that, the proposed method has the low time complexity of calculating attribute reduction, and on large sample datasets, the running time of attribute reduction algorithm named Neighborhood Fuzzy Rough Sets (NFRS) based on fuzzy rough set dependency is 96 times of that of the proposed method. On the NSL-KDD dataset, the proposed method can identify key attributes quickly, eliminate invalid information, and has the overall accuracy reached 90.53% and the accuracy of Normal reached 97%.

Key words: rough set, variable precision covering rough set, attribute reduction, related family, intrusion detection

摘要： 精准且快速地识别异常用户行为是入侵检测系统（IDS）的重要任务。针对入侵检测数据维度高、样本量大的问题，提出了基于变精度覆盖粗糙集的相关族属性约简方法，并将其运用至入侵检测数据中。首先，基于覆盖决策表生成条件属性的变精度相关族；然后，在所有条件属性变精度相关族的基础上利用启发式算法求得决策表的属性约简；最后，在上述的基础上结合分类器对入侵检测数据进行检测。实验结果表明，所提方法具有计算属性约简时间短的优点，在大样本数据集上，基于模糊粗糙集依赖度的属性约简算法NFRS运行所需时长为该算法的96倍。在入侵检测数据集NSL-KDD上，该方法可快速识别关键属性，剔除无效信息，其整体准确率可达到90.53%，且对Normal的识别准确率可达到97%。

关键词: 粗糙集, 变精度覆盖粗糙集, 属性约简, 相关族, 入侵检测

CLC Number:

OU Binli, ZHONG Xiaru, DAI Jianhua, YANG Tian. Intrusion detection method based on variable precision covering rough set[J]. Journal of Computer Applications, 2020, 40(12): 3465-3470.

欧彬利, 钟夏汝, 代建华, 杨田. 基于变精度覆盖粗糙集的入侵检测方法[J]. 计算机应用, 2020, 40(12): 3465-3470.

References

[1] PAWLAK Z. Rough sets[J]. International Journal of Computer and Information Sciences,1982,11(5):341-356.
[2] BONIKOWSKI Z, BRYNIARSKI E, WYBRANIEC-SKARDOWSKA U. Extensions and intentions in the rough set theory[J]. Information Science, 1998, 107(1/2/3/4):149-167.
[3] DUBOIS D,PRADE H. Rough fuzzy sets and fuzzy rough sets[J]. International Journal of General Systems,1990,17(2/3):191-209
[4] ZIARKO W. Variable precision rough set model[J]. Journal of Computer and System Sciences,1993,46(1):39-59.
[5] 刘瑞新, 孙士保, 秦克云. 变精度覆盖粗糙集[J]. 计算机工程与应用, 2008, 44(12):47-50.(LIU R X,SUN S B,QIN K Y. On variable precision covering rough set[J]. Computer Engineering and Applications,2008,44(12):47-50.)
[6] ZHENG X,DAI J. A variable precision covering generalized rough set model[C]//Proceedings of the 6th International Conference on Rough Sets and Knowledge Technology, LNCS 6954. Berlin:Springer,2011:120-125.
[7] ZHAO S,TSANG E C C,CHEN D. The model of fuzzy variable precision rough sets[J]. IEEE Transactions on Fuzzy Systems, 2009,17(2):451-467.
[8] AGGARWAL M. Probabilistic variable precision fuzzy rough sets[J]. IEEE Transactions on Fuzzy Systems,2016,24(1):29-39.
[9] JENSEN R, SHEN Q. Fuzzy-rough attribute reduction with application to web categorization[J]. Fuzzy Sets and Systems, 2004,141(3):469-485.
[10] SKOWRON A,RAUSZER C. The discernibility matrices and functions in information systems[M]//SŁOWIŃSKI R. Intelligent Decision Support:Handbook of Applications and Advances in the Rough Set Theory, TDLD 11. Dordrecht:Springer, 1992:331-362.
[11] WANG C,HE Q,CHEN D,et al. A novel method for attribute reduction of covering decision systems[J]. Information Sciences, 2014,254:181-196.
[12] 王国胤, 于洪, 杨大春. 基于条件信息熵的决策表约简[J]. 计算机学报, 2002, 25(7):759-766.(WANG G Y,YU H,YANG D C. Decision table reduction based on conditional information entropy[J]. Chinese Journal of Computers, 2002, 25(7):759-766.)
[13] MI J,WU W,ZHANG W. Approaches to knowledge reduction based on variable precision rough set model[J]. Information Sciences,2004,159(3/4):255-272.
[14] CHEN R C,CHENG K F,HSIEH C F. Using rough set and support vector machine fornetwork intrusion detection[J]. International Journal of Network Security and Its Applications, 2009,1(1):1-13.
[15] ZHAO H. Intrusion detection ensemble algorithm based on bagging and neighborhood rough set[J]. International Journal of Security and Its Applications,2013,7(5):193-204.
[16] PANIGRAHI A,PATRA M R. Fuzzy rough classification models fornetwork intrusion detection[J]. Transactions on Machine Learning and Artificial Intelligence, 2016, 4(2):Article No. 1882.
[17] 刘金平, 张五霞, 唐朝晖, 等. 基于模糊粗糙集属性约简与GMM-LDA最优聚类簇特征学习的自适应网络入侵检测[J]. 控制与决策, 2019, 34(2):243-251.(LIU J P,ZHANG W X, TANG Z H,et al. Adaptivenetwork intrusion detection based on fuzzy rough set-based attribute reduction and GMM-LDA-based optimal cluster feature learning[J]. Control and Decision,2019, 34(2):243-251.)
[18] QIAN Y,LIANG J,PEDRYCZ W,et al. Positive approximation:An accelerator for attribute reduction in rough set theory[J]. Artificial Intelligence,2010,174(9/10):597-618.
[19] YANG T,LI Q,ZHOU B. Related family:a new method for attribute reduction of covering information systems[J]. Information Sciences,2013,228:175-191
[20] SHAKIBA A,HOOSHMANDASL M R. Data volume reduction in covering approximation spaces with respect to twenty-two types of covering based rough sets[J]. International Journal of Approximate Reasoning,2016,75:13-38
[21] TSANG E C C,CHEN D,YEUNG D S. Approximations and reducts with covering generalized rough sets[J]. Computers and Mathematics with Applications,2008,56(1):279-289
[22] HU Q,YU D,LIU J,et al. Neighborhood rough set based heterogeneous feature subset selection[J]. Information Sciences, 2008,178(18):3577-3594.
[23] WANG C,QI Y,SHAO M,et al. A fitting model for feature selection with fuzzy rough sets[J]. IEEE Transactions on Fuzzy Systems,2017,25(4):741-753.
[24] WANG C,HU Q,WANG X,et al. Feature selection based on neighborhood discrimination index[J]. IEEE Transactions on Neural Networks and Learning Systems,2018,29(7):2986-2999.

Intrusion detection method based on variable precision covering rough set

基于变精度覆盖粗糙集的入侵检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	ZHANG Shipeng, LI Yongzhong, DU Xiangtong. Intrusion detection model based on semi-supervised learning and three-way decision [J]. Journal of Computer Applications, 2021, 41(9): 2602-2608.
[2]	WANG Yue, JIANG Yiming, LAN Julong. Intrusion detection based on improved triplet network and K-nearest neighbor algorithm [J]. Journal of Computer Applications, 2021, 41(7): 1996-2002.
[3]	WANG Yao, SUN Guozi. Oversampling method for intrusion detection based on clustering and instance hardness [J]. Journal of Computer Applications, 2021, 41(6): 1709-1714.
[4]	ZHANG Quanlong, WANG Huaibin. Intrusion detection model based on combination of dilated convolution and gated recurrent unit [J]. Journal of Computer Applications, 2021, 41(5): 1372-1377.
[5]	WANG Xiaorong, ZHANG Yuzhao, ZHANG Zhenjiang. Selection of express freight transportation schemes based on rough set over two universes [J]. Journal of Computer Applications, 2021, 41(5): 1500-1505.
[6]	REN Xiaokui, LIU Pengfei, TAO Zhiyong, LIU Ying, BAI Lichun. Indoor intrusion detection based on direction-of-arrival estimation algorithm for single snapshot [J]. Journal of Computer Applications, 2021, 41(4): 1153-1159.
[7]	PENG Li, ZHANG Haiqing, LI Daiwei, TANG Dan, YU Xi, HE Lei. Imputation algorithm for hybrid information system of incomplete data analysis approach based on rough set theory [J]. Journal of Computer Applications, 2021, 41(3): 677-685.
[8]	WANG Lei. Network intrusion detection method based on improved rough set attribute reduction and K-means clustering [J]. Journal of Computer Applications, 2020, 40(7): 1996-2002.
[9]	CHENG Xiaohui, NIU Tong, WANG Yanjun. Wireless sensor network intrusion detection system based on sequence model [J]. Journal of Computer Applications, 2020, 40(6): 1680-1684.
[10]	ZHANG Wu, CHEN Hongmei. Hyperspectral band selection based on multi-kernelized fuzzy rough set and grasshopper optimization algorithm [J]. Journal of Computer Applications, 2020, 40(5): 1425-1430.
[11]	ZHANG Xiajie, ZHU Jinghua, CHEN Yang. Distributed rough set attribute reduction algorithm under Spark [J]. Journal of Computer Applications, 2020, 40(2): 518-523.
[12]	LI Zhongwei, TAN Kai, GUAN Yadong, JIANG Wenqi, YE Lin. In-vehicle CAN bus-off attack and its intrusion detection algorithm [J]. Journal of Computer Applications, 2020, 40(11): 3224-3228.
[13]	LI Ziying, SHI Zhenguo. Scheduling method for big data tasks [J]. Journal of Computer Applications, 2020, 40(10): 2923-2928.
[14]	ZHANG Wu, CHEN Hongmei. Hyperspectral band selection algorithm based on kernelized fuzzy rough set [J]. Journal of Computer Applications, 2020, 40(1): 258-263.
[15]	CHI Yaping, MO Chongwei, YANG Yintan, CHEN Chunxia. Design and implementation of intrusion detection model for software defined network architecture [J]. Journal of Computer Applications, 2020, 40(1): 116-122.