
Proceedings Paper

A new framework for intrusion detection based on rough set theory
Author(s): Zhijun Li; Yu Wu; Guoyin Wang; Yongjun Hai; Yunpeng He

Paper Abstract

Intrusion detection is an essential component of critical infrastructure protection mechanisms. Since many current IDSs are constructed by manual encoding of expert knowledge, updating their knowledge is time-consuming. To address this problem, an effective method for misuse intrusion detection with low cost and high efficiency is presented. This paper gives an overview of our research in building a detection model for identifying known intrusions, their variations, and novel attacks of unknown nature. The method is based on rough set theory and is capable of extracting a set of detection rules from network packet features. After obtaining a decision table by preprocessing raw packet data, rough-set-based reduction and rule generation algorithms are applied, and useful rules for intrusion detection are obtained. In addition, a rough set and rule-tree-based incremental knowledge acquisition algorithm is presented to solve the problem of updating the rule set when new attacks appear. Compared with other methods, our method requires a smaller training data set and less effort to collect training data. Experimental results demonstrate that our system is effective and more suitable for online intrusion detection.
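The pipeline the abstract describes (decision table, rough-set reduction, rule generation) can be illustrated on a small scale. The following is an added example and not the authors' code; the four packet attributes, the six labelled rows and the brute-force reduct search are constructed for illustration, and the authors' actual reduction and incremental rule-tree algorithms are not reproduced here.

```python
"""Rough-set reduct and rule extraction over a constructed packet-feature decision table."""
from itertools import combinations

# Constructed decision table (not from the paper): condition attributes plus a decision "label".
CONDITION = ("proto", "flag", "service", "pkt_size")
TABLE = [
    {"proto": "tcp",  "flag": "S0", "service": "http", "pkt_size": "small", "label": "attack"},
    {"proto": "tcp",  "flag": "SF", "service": "http", "pkt_size": "large", "label": "normal"},
    {"proto": "udp",  "flag": "SF", "service": "dns",  "pkt_size": "small", "label": "normal"},
    {"proto": "tcp",  "flag": "S0", "service": "smtp", "pkt_size": "small", "label": "attack"},
    {"proto": "icmp", "flag": "SF", "service": "eco",  "pkt_size": "large", "label": "attack"},
    {"proto": "tcp",  "flag": "SF", "service": "smtp", "pkt_size": "small", "label": "normal"},
]

def partition(rows, attrs):
    """Indiscernibility classes: sets of row indices that agree on every attribute in attrs."""
    classes = {}
    for i, row in enumerate(rows):
        classes.setdefault(tuple(row[a] for a in attrs), set()).add(i)
    return list(classes.values())

def positive_region(rows, attrs, decision="label"):
    """Indices of rows whose attrs-class lies wholly inside a single decision class."""
    pos = set()
    for cls in partition(rows, attrs):
        if len({rows[i][decision] for i in cls}) == 1:
            pos |= cls
    return pos

def find_reduct(rows, conds=CONDITION):
    """Smallest attribute subset that preserves the full positive region (brute-force search)."""
    full = positive_region(rows, conds)
    for k in range(1, len(conds) + 1):
        for subset in combinations(conds, k):
            if positive_region(rows, subset) == full:
                return subset
    return conds

def generate_rules(rows, reduct, decision="label"):
    """Every consistent indiscernibility class of the reduct becomes one detection rule."""
    rules = {}
    for cls in partition(rows, reduct):
        labels = {rows[i][decision] for i in cls}
        if len(labels) == 1:
            i = next(iter(cls))
            rules[tuple(rows[i][a] for a in reduct)] = labels.pop()
    return rules

def classify(row, reduct, rules):
    """Match a new packet record against the rule set; None means no rule fires."""
    return rules.get(tuple(row[a] for a in reduct))
```

Because the reduct drops `service` and `pkt_size`, a record such as a TCP `S0` connection to a service never seen in training still matches the `attack` rule, which is the kind of variation coverage the abstract claims; records outside every rule return `None` and would be candidates for the incremental update step.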

Paper Details

Date Published: 12 April 2004
PDF: 9 pages
Proc. SPIE 5433, Data Mining and Knowledge Discovery: Theory, Tools, and Technology VI, (12 April 2004); doi: 10.1117/12.540951
Zhijun Li, Chongqing Univ. of Posts and Telecommunications (China)
Yu Wu, Chongqing Univ. of Posts and Telecommunications (China)
Guoyin Wang, Chongqing Univ. of Posts and Telecommunications (China)
Yongjun Hai, Chongqing Univ. of Posts and Telecommunications (China)
Yunpeng He, Chongqing Univ. of Posts and Telecommunications (China)


Published in SPIE Proceedings Vol. 5433:
Data Mining and Knowledge Discovery: Theory, Tools, and Technology VI
Belur V. Dasarathy, Editor(s)

© SPIE. Terms of Use