Fuzzy Learning Classifier System for Intrusion Detection Monu Bambroo.

Presentation transcript:

1 Fuzzy Learning Classifier System for Intrusion Detection Monu Bambroo

2 Motivation Total revenue losses in 2002 due to network breaches were about $10 billion. The computer security problem is inherently a modeling problem. Fuzzy logic is robust with respect to modeling imprecision and vagueness.

3 Inductive Learning Inductive learning is learning by example. The C4.5 program constructs classifiers in the form of a decision tree. Decision trees are sometimes too complex to understand. C4.5 re-expresses the classification model as production rules.

4 Experimental Data Set The KDD’99 dataset was used for the experiments. Each connection in the dataset is labeled as either normal or as exactly one specific attack type. Attacks fall into 4 main categories: – DOS – R2L – U2R – Probing. The R2L attack warezmaster is our experimental attack type.

5 Crisp Versus Fuzzy Sets [Figure: membership μ versus Distance [mm] for the sets Close, Medium and Far, drawn once as a crisp set and once as a fuzzy set]

6 Fuzzy Inference Steps – Input Fuzzification – Implication Method – Aggregation – Defuzzification

7 Fuzzy Logic, How it works? Input Fuzzification

8 Fuzzy Logic, How it works? Volatility index = 0.6 Cyclomatic Complexity = 32 Rule across Antecedents

9 Fuzzy Logic, How it works? Implication method Volatility index = 0.6 Cyclomatic Complexity = 32 Quality Risk

10 Fuzzy Logic, How it works? Aggregation Quality Risk

11 Fuzzy Logic, How it works? Defuzzification

12 Fuzzy rules [Figure: rule-matching diagram with outputs normal, normal, warezmaster; caption: All Rules Match]

13 No | Classifier | Strength | Message | Matched | Bid | Tax: 1 #010: *200 = 20 2 #101: Env 0.2*200 = 40 0.1*200 = 20 3 ##01: Env 0.2*200 = 40 0.1*200 = #: Env 0.2*200 = 40 0.1*200 = 20 5 ##1#: *200 = 20 6 #011: *200 = ###: *200 = 20 Environment 00101

14 No | Classifier | Strength | Message | Matched | Bid | Tax: 1 #010: *180 = 18 2 #101: *140 = 14 3 ##01: *140 = 28 0.1*140 = #: *140 = 14 5 ##1#: *180 = 18 6 #011: *180 = ###: *180 = 18 Environment 120

15 No | Classifier | Strength | Message | Matched | Bid | Tax: 1 #010: *162 = *162 = #101: *154 = ##01: *98 = #: *126 = ##1#: *162 = *162 = #011: *162 = ###: *162 = 16.2 Environment 120
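The strength bookkeeping in the three tables above, replayed as an added Python example (not part of the original slides). The rates bid = 0.2 × strength and tax = 0.1 × strength and the starting strength of 200 come from the Bid and Tax columns; the supplier links, in particular that classifier 3 pays its second-round bid to classifier 2, are assumptions inferred from the surviving numbers.

```python
"""Bucket-brigade credit assignment, replaying the strengths on slides 13-15."""

BID_RATE = 0.2   # bid = 0.2 * strength, as in the slides' Bid column
TAX_RATE = 0.1   # tax = 0.1 * strength, as in the slides' Tax column
ENV = "Env"      # marks the environment as the supplier of a matched message


def bucket_brigade_round(strength, suppliers):
    """Apply one round of bids and taxes.

    strength:  {classifier_no: strength before the round}
    suppliers: {matched_classifier_no: ENV, or the classifier_no whose
               message it matched}; unmatched classifiers are absent.
    Returns (new strength dict, total amount paid to the environment).
    """
    new, income, to_env = {}, {}, 0.0
    for no, s in strength.items():
        bid = BID_RATE * s if no in suppliers else 0.0
        new[no] = s - bid - TAX_RATE * s      # all pay tax, matchers also pay a bid
        if no in suppliers:
            payee = suppliers[no]
            if payee == ENV:
                to_env += bid
            else:
                income[payee] = income.get(payee, 0.0) + bid
    for no, amount in income.items():         # suppliers collect the bids they earned
        new[no] += amount
    return new, to_env


def replay():
    """Replay two rounds; the match sets are read from or inferred from the slides."""
    strength = {no: 200.0 for no in range(1, 8)}   # seven classifiers at 200
    # Round 1: classifiers 2, 3 and 4 show "Env" in the Matched column.
    strength, env1 = bucket_brigade_round(strength, {2: ENV, 3: ENV, 4: ENV})
    # Round 2 (assumption): classifier 3 matches the message posted by classifier 2.
    strength, env2 = bucket_brigade_round(strength, {3: 2})
    return strength, env1, env2


if __name__ == "__main__":
    final, env1, env2 = replay()
    print("paid to environment:", env1, env2)
    for no, s in sorted(final.items()):
        print(no, s)
```

The replay ends with the strengths that appear in the third table (162, 154, 98, 126), and the 120 paid to the environment in the first round matches the "Environment 120" entry.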

16 What is a ‘Learning Fuzzy Classifier System’ (LFCS)? It learns rules whose clauses are labels associated with fuzzy sets. Each fuzzy set represents a membership function for a variable. A genetic algorithm operates on the fuzzy sets, evolving the best solution.

17 Comparing ‘LCS’ and ‘LFCS’ – Matching – Rule Activation – Reinforcement Distribution – Genetic Algorithm

18 Rule Base Representation Type : 1 If (duration is 7) and (srcbytes is 6) and (hot is 3) then (attack is warezmaster) (1)

19 Contd. Rules are represented using the ‘Michigan Approach’. The Pittsburgh approach requires a large amount of computational effort. Genetic activity destroys local optima. In the Michigan approach, genetic operators operate on single rules.

20 Reinforcement Distribution Fuzzy Bucket Brigade Algorithm I. Compute the bid based on the action sets of the active classifiers. II. Reduce the strength of each active classifier by a quantity equal to its contribution to the bid. III. Distribute the bid to the classifiers belonging to the action set which led to the reward.

21 Genetic Algorithm
‘Name’ | ‘Description’
Representation | Integer
Recombination | One-Point Crossover
Mutation | Uniform Mutation
Mutation Probability | 70%
Crossover Probability | 20%
Parent Selection | Rank Based
Survival Selection | Generational
Initialization | C4.5 heuristic Rules

22 Input/Output for the System: Input
Name='srcbytes'
Range=[ ]
NumMFs=6
MF1='1':'trimf',[ ]
MF2='2':'trimf',[ ]
MF3='3':'trimf',[ ]
MF4='4':'trimf',[ ]
MF5='5':'trimf',[ ]
MF6='6':'trimf',[ ]

23 Input
Name='duration'
Range=[ ]
NumMFs=8
MF1='1':'trimf',[ ]
MF2='2':'trimf',[ ]
MF3='3':'trimf',[ ]
MF4='4':'trimf',[ ]
MF5='5':'trimf',[ ]
MF6='6':'trimf',[ ]
MF7='7':'trimf',[ ]
MF8='8':'trimf',[ ]

24 Input/Output for the System: Input
Name='hot'
Range=[0 30]
NumMFs=4
MF1='1':'trimf',[ ]
MF2='2':'trimf',[ ]
MF3='3':'trimf',[ ]
MF4='4':'trimf',[ ]

25 Input/Output for the System: Output
Name='attack'
Range=[0 1]
NumMFs=3
MF1='normal':'trimf',[ ]
MF2='warezclient':'trimf',[ ]
MF3='warezmaster':'trimf',[ ]

26 Results [Table: columns Number of Records, Percentage of Records; rows Negative Detection, Missed Alarms, Positive Detection, False Alarms]

