GNP-based fuzzy class-association-rule mining with sub-attribute utilization

Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose a novel fuzzy class-association rule mining method based on genetic network programming (GNP) for detecting network intrusions. GNP is an evolutionary optimization technique, which uses directed graph structures instead of strings in genetic algorithm or trees in genetic programming, which leads to enhancing the representation ability with compact programs derived from the reusability of nodes in a graph structure. By combining fuzzy set theory with GNP, the proposed method can deal with the mixed database that contains both discrete and continuous attributes and also extract many important class association rules that contribute to enhancing detection ability. Therefore, the proposed method can be flexibly applied to both misuse and anomaly detection in network-intrusion-detection problems. An incomplete database includes missing data in some tuples; however, the proposed method can extract important rules using these tuples. The GNP-Based Fuzzy Class- Association-Rule Mining performs in existing data only it cannot newly added Intrusion. Therefore we present Intrusion Detection Systems based on analyzing process traces. It also include following steps in GNP-Based Fuzzy Class- Association-Rule Process data model as a mathematical representation of normal behavior Improving the process data model improves the model of normal behavior. It should represent the underlying truth of normalcy of the data Uses cluster centers or centroids Uses distances away from the centroids Convert the Data to the Training Data.