http://dx.doi.org/10.4218/etrij.17.0116.0305

Network Intrusion Detection Based on Directed Acyclic Graph and Belief Rule Base  

Zhang, Bang-Cheng (School of Mechatronic Engineering, Changchun University of Technology)
Hu, Guan-Yu (School of Information Science and Technology, Hainan Normal University)
Zhou, Zhi-Jie (High-Tech Institute of Xi'an)
Zhang, You-Min (Department of Information and Control Engineering, Xi'an University of Technology)
Qiao, Pei-Li (School of Computer Science and Technology, Harbin University of Science and Technology)
Chang, Lei-Lei (High-Tech Institute of Xi'an)
Publication Information
ETRI Journal / v.39, no.4, 2017, pp. 592-604
Abstract
Intrusion detection is very important for network situation awareness. While a few methods have been proposed to detect network intrusion, they cannot directly and effectively utilize semi-quantitative information consisting of expert knowledge and quantitative data. Hence, this paper proposes a new detection model based on a directed acyclic graph (DAG) and a belief rule base (BRB). In the proposed model, called DAG-BRB, the DAG is employed to construct a multi-layered BRB model that can avoid the combinatorial explosion in the number of rules caused by the large number of intrusion types. To obtain the optimal parameters of the DAG-BRB model, an improved constraint covariance matrix adaption evolution strategy (CMA-ES) is developed that can effectively solve the constraint problem in the BRB. A case study was used to test the efficiency of the proposed DAG-BRB. The results showed that, compared with other detection models, the DAG-BRB model has a higher detection rate and can be used in real networks.
Keywords
Network intrusion detection; Belief rule base; Directed acyclic graph; Covariance matrix adaption evolution strategy; Evidential reasoning rule;