Download presentation

Presentation is loading. Please wait.

Published byBailee Bovey Modified over 2 years ago

1
Fuzzy Learning Classifier System for Intrusion Detection Monu Bambroo

2
Motivation Total revenue losses in 2002 due to network breaches were about $10 billion. Computer security problem is inherently modeling in nature. Fuzzy logic is robust with respect to modeling imprecision and vagueness

3
Inductive Learning Inductive learning is learning by example. C4.5 program constructs classifiers in the form of a decision tree. Decision trees are sometimes too complex to understand. C4.5 re-expresses the classification model as production-rules.

4
Experimental Data Set KDD’99 dataset was used for the experiments. Each connection in the dataset is labeled as either normal or an attack type with exactly one specific attack type. Attacks fall into 4 main categories. – DOS – R2L – U2R – Probing R2L attack warez-master is our experimental attack- type.

5
Crisp Versus Fuzzy Sets Close 0 750 1500 Distance[mm] MediumFarμ Crisp Set Fuzzy Set 0 600 900 1350 1650 Distance[mm] μ CloseMediumFar

6
Fuzzy Inference Steps Input Fuzzification Implication Method Aggregation Defuzzification

7
Fuzzy Logic, How it works? Input Fuzzification

8
Fuzzy Logic, How it works? Volatility index = 0.6 Cyclomatic Complexity = 32 Rule across Antecedents

9
Quality Risk Fuzzy Logic, How it works? Volatility index = 0.6 Cyclomatic Complexity = 32 Implication method

10
Fuzzy Logic, How it works? Aggregation Quality Risk

11
Fuzzy Logic, How it works? Defuzzification

12
7 6 3 : 1 7 6 2 : 2 Fuzzy rules 02540normal. 073210normal. 2821582warezmaster. All Rules Match

13
NoClassifierStrengthMessageMatchedBidTax 1#010:0011200 0.1*200 = 20 2 #101:0001200 Env 0.2*200 = 400.1*200 = 20 3 ##01:0010200 Env 0.2*200 = 400.1*200 = 20 4 010#:0010200 Env 0.2*200 = 400.1*200 = 20 5 ##1#:1000200 0.1*200 = 20 6 #011:0100200 0.1*200 = 20 7 1###:0101200 0.1*200 = 20 Environment 00101

14
NoClassifierStrengthMessageMatchedBidTax 1 #010:0011180 0.1*180 = 18 2 #101:00011400001 0.1*140 = 14 3 ##01:0010140 2 0.2*140 = 280.1*140 = 14 4 010#:0010140 0.1*140 = 14 5 ##1#:1000180 0.1*180 = 18 6 #011:0100180 0.1*180 = 18 7 1###:0101180 0.1*180 = 18 Environment 120

15
NoClassifierStrengthMessageMatchedBidTax 1#010:0011162 3 0.2*162 = 32.40.1*162 = 16.2 2 #101:0001154 0.1*154 = 15.4 3 ##01:0010980010 0.1*98 = 9.8 4 010#:0010126 0.1*126 = 12.6 5 ##1#:10001623 0.2*162 = 32.40.1*162 = 16.2 6 #011:0100162 0.1*162= 16.2 7 1###:0101162 0.1*162 = 16.2 Environment 120

16
What is a ‘Learning Fuzzy Classifier System’ (LFCS) Learn rules where clauses are labels associated with fuzzy sets Each fuzzy set represents a membership function for a variable A Genetic algorithm operates on fuzzy sets evolving best solution

17
Comparing ‘LCS’ and ‘LFCS’ Matching Rule Activation Reinforcement Distribution Genetic Algorithm

18
Rule Base Representation Type 7 6 3 : 1 If (duration is 7) and (srcbytes is 6) and (hot is 3) then (attack is ware-master) (1)

19
Contd. Rules are represented using the ‘Michigan Approach’ Pittsburgh requires large amount of computational effort Genetic activity destroys local optimum In Michigan approach, genetic operator operate on single rules

20
Reinforcement Distribution Fuzzy Bucket Brigade Algorithm I.Compute the bid basing on action sets of active classifier II.Reduce strength of active classifiers by a quantity equal to its contribution to the bid III.Distribute the bid to classifier belonging to action set which led to reward.

21
Genetic Algorithm ‘Name’‘Description’ RepresentationInteger RecombinationOne-Point Crossover MutationUniform Mutation Mutation Probability70% Crossover Probability20% Parent SelectionRank Based Survival SelectionGenerational InitializationC4.5 heuristic Rules

22
Name='srcbytes' Range=[0 5135678] NumMFs=6 MF1='1':'trimf',[0 149.4455 245.9026] MF2='2':'trimf',[195.1873 232.6335 305.2674] MF3='3':'trimf',[288.2449 335.5554 352.726] MF4='4':'trimf',[335 479.0667 979.6835] MF5='5':'trimf',[872.45944836 976.71911992 1476407.9375] MF6='6':'trimf',[1003.3344398 4241231.9102 5135678] Input Input/Output for the System

23
Name='duration' Range=[0 29296] Num M F’s=8 MF1='1':'trimf',[0 3.9672 7.3611] MF2='2':'trimf',[2.84113 6.52038 11.4731] MF3='3':'trimf',[10 10.4385 13.2237] MF4='4':'trimf',[11.7093 14.9302 46.311] MF5='5':'trimf',[15.8705 37.2474 70] MF6='6':'trimf',[74.830436 780.36685 2422.6428] MF7='7':'trimf',[1225.35095 2561.29491 13717.8565] MF8='8':'trimf',[2576.6364 18682.0544 29296] Input

24
Name='hot' Range=[0 30] NumMFs=4 MF1='1':'trimf',[0 1.1054 8.8699] MF2='2':'trimf',[2.09904 11.0163 20.0822] MF3='3':'trimf',[16.0978 19.0139 26.1328] MF4='4':'trimf',[22.1838 26.9372 30] Input Input/Output for the System

25
Name='attack' Range=[0 1] NumMFs=3 MF1='normal':'trimf',[0 0.2 0.35] MF2='warezclient':'trimf',[0.35 0.5 0.65] MF3='warezmaster':'trimf',[0.65 0.797 1] Output Input/Output for the System

26
Results Number of RecordsPercentage of Records Negative Detection Missed Alarms 410 98.10 25.59 61014 Positive Detection False Alarms 1180 2 73.66 0.0048

Similar presentations

Presentation is loading. Please wait....

OK

4.5 Solve Quadratic Equations by Finding Square Roots

4.5 Solve Quadratic Equations by Finding Square Roots

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Urinary bladder anatomy and physiology ppt on cells Small ppt on aston martin Ppt on south african culture and traditions Ppt on live line maintenance usa Download ppt on transportation in plants Download ppt on query processing and optimization ppt Ppt on conservation of nonrenewable resources Ppt on abo blood grouping system Animated ppt on chemical bonding Ppt on regular expression tutorial