Research On Intrusion Detection System Based On Fuzzy Association Rules

With rapid development of the computer and network technology, computer network play an increasingly important role in our daily lives. Network security problems appeared, which is due to a computer network has advantages of the open, sharing and so on. Users and researchers have more focus on how to safeguard the security of the system. Intrusion detection is an important component in network security. Unlike traditional security technologies, intrusion detection technology is an active detection technology. It is a necessary complement of firewalls and other traditional technologies. Intrusion detection technology will greatly enhance the network security capabilities.Intrusion detection system (IDS) is based on data mining technology in this paper. Association rule mining which is a method of data mining reveals the hidden information and knowledge in a dataset. Based on categories of variables in the processing, association rules can be divided into Boolean association rules and quantitative association rules. As quantitative association rules are usually transformed into the Boolean one, it needs to partition the attributes domains. It causes the sharp boundary problem and the lost information. In this paper, a framework of intrusion detection system based on fuzzy association rules is proposed. Fuzzy set theory is used to the value of property converted to fuzzy interval, which makes the transition smoother interval and reduces the phenomenon of the lost boundaries information. In this framework, the classification engine, which is actually the core of the IDS, uses fuzzy association rules for building classifiers, and defines appropriate matching measures. Besides, membership functions based on Fuzzy C-Means (FCM) clustering algorithm are considered to have a trapezoidal shape. And a concept called association hyper-edge is used to the basis of item reduction. Experimental results show that not only detection rate is close to the best, but also false positive rate is kept at a minimum level. Generally, the proposed approach outperforms other methods.