This paper describes research in progress on the application of Neuro-Fuzzy (NF) to support large-scale network traffic dumps analysis in the domain of Network Security. In particular we focus on patterns of benign and malicious activity that can be found in network traffic dumps and can facilitate to firewall rules generation. We propose several improvements to the NF algorithm that results in proper handling of large-scale datasets, significantly reduces number of rules and yields a decreased complexity of the classification model. This includes better automated extraction of rules parameters as well as bootstrap aggregation for generalization. Experimental results show that such optimization gives a smaller number of rules, while the accuracy increases in comparison to existing approaches. In particular, it showed an accuracy of 98% when using only 39 rules.
In our research we contribute to forensics science and network security by bringing more generalized fuzzy rules. An increase in network communication over the last decade cause to appear such amount of data that can be related to Big Data due to its complexity. Application of Soft Computing methods, such that Neuro-Fuzzy may bring not only sufficient classification accuracy of normal and attack traffic, yet also facilitate in understanding traffic properties and developing a decision-support mechanism. In particular, we focus on network firewalls application.
SinghR., KumarH. and SinglaR., Review of soft computing in malware detection, Special Issues on IP Multimedia Communications1(1) (October 2011), 55-60.
2.
ShanmugavadivuR. and NagarajanN., Network intrusion detection system using fuzzy logic, Indian Journal of Computer Science and Engineering (2011).
ShalaginovA. and FrankeK., A new method for an optimal som size determination in neuro-fuzzy for the digital forensics applications, in: Advances in Computational Intelligence, Springer International Publishing, (2015), 549-563.
5.
DickersonJ.A. and KoskoB., Fuzzy function approximation with ellipsoidal rules, Trans Sys Man Cyber Part B26(4) (Aug 1996), 542-560.
6.
AlahakoonD., HalgamugeS. and SrinivasanB., A self-growing cluster development approach to data mining, in: Systems, Man, and Cybernetics, 1998 IEEE International Conference on3 (1998), 2901-2906.
7.
VesantoJ. and AlhoniemiE., Clustering of the self-organizing map, Neural Networks, IEEE Transactions on11(3) (2000), 586-600.
8.
MchughJ., Testing intrusion detection systems: A critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory, ACM Trans Inf Syst Secur3(4) (Nov 2000), 262-294.
9.
TavallaeeM., BagheriE., LuW. and GhorbaniA., A detailed analysis of the kdd cup 99 data set, in: Computational Intelligence for Security and Defense Applications, 2009 CISDA 2009 IEEE Symposium on (July 2009), 1-6.
GallagherB. and Eliassi-RadT., Classification of http attacks: A study on the ecml/pkdd 2007 discovery challenge, in: Center for Advanced Signal and Image Sciences (CASIS) Workshop, (2008).
12.
SinghH., Performance analysis of unsupervised machine learning techniques for network traffic classification, in: Advanced Computing Communication Technologies (ACCT), 2015 Fifth International Conference on, (Feb 2015), 401-404.
13.
MakiouA., BegricheY. and SerhrouchniA., Hybrid approach to detect sqli attacks and evasion techniques, in: Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, (Oct 2014), 452-456.
14.
Senel-KleineS., BoucheJ. and KappesM., On the usefulness of machine learning techniques in collaborative anomaly detection, in: Internet Technologies and Applications (ITA), 2015, (Sept 2015), 213-218.
15.
ZhaoS., ChandrashekarM., LeeY. and MedhiD., Real-time network anomaly detection system using machine learning, in: Design of Reliable Communication Networks (DRCN), 2015 11th International Conference on the, (March 2015), 267-270.
16.
HongY., HuangC., NandyB. and SeddighN., Iterative-tuning support vector machine for network traffic classification, in: Integrated Network Management (IM), 2015 IFIP/IEEE International Symposium on, (May 2015), 458-466.
17.
SinghJ. and NeneM.J., A survey on machine learning techniques for intrusion detection systems, International Journal of Advanced Research in Computer and Communication Engineering2(11) (2013).
18.
ZamaniM., Machine learning techniques for intrusion detection, 2013.
19.
ShafiqM.Z., FarooqM. and KhayamS.A., A comparative study of fuzzy inference systems, neural networks and adaptive neuro fuzzy inference systems for portscan detection, in: Applications of Evolutionary Computing, Springer (2008), 52-61.
20.
AguiarH., JuniorO. and MachadoM.A.S., Fuzzy firewalls, Revista Eletrônica de Sistemas de Informação, ISSN 1677-3071 doi: 10.5329/RESI5(2) (2006).
21.
NguyenL.A.T. and NguyenH.K., Phishing identification: An efficient neuro-fuzzy model without using rule sets, in: Control Conference (ASCC), 2015 10th Asian, (May 2015), 1-6.
22.
AmiriF., LucasC. and YazdaniN., Anomaly detection using neuro fuzzy system, World Acad Sci Eng Technol49 (2009), 889-896.
23.
CastellanoG., FanelliA.M. and MencarC., Discovering interpretable classification rules from neural processed data, Workshop AI*IA 2002 (2002).
24.
GactoM., AlcaláR. and HerreraF., Interpretability of linguistic fuzzy rule-based systems: An overview of interpretability measures, Information Sciences181(20) (2011), 4340-4360, special Issue on Interpretable Fuzzy Systems.
25.
ShalaginovA. and FrankeK., A new method of fuzzy patches construction in neuro-fuzzy for malware detection, in: IFSA-EUSFLAT, Atlantis Press, 2015.
26.
MarkT.C.K., BerensonL., LevineD.M., Basic Business Statistics, 11/E, Pearson, 2009.
27.
RossT., Fuzzy Logic with Engineering Applications, Wiley, 2009.
28.
KimH.M. and MendelJ., Fuzzy basis functions: Comparisons with other basis functions, Fuzzy Systems, IEEE Transactions on3(2) (May 1995), 158-168.
29.
PiegatA., Fuzzy Modeling and Control, Studies in Fuzziness and Soft Computing, Physica-Verlag HD, 2001.
30.
DongG. and BaileyJ., Contrast Data Mining: Concepts, Algorithms, and Applications, Chapman & Hall/CRC Data Mining and Knowledge Discovery Series, Taylor & Francis, 2012.
31.
DudoitS. and FridlyandJ., Bagging to improve the accuracy of a clustering procedure, Bioinformatics19(9) (2003), 1090-1099.
32.
ShalaginovA. and FrankeK., Automated generation of fuzzy rules from large-scale network traffic analysis in digital forensics investigations, in: 7th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2015), IEEE (2015).
33.
WoodallS., Firewall design principles, Computer Networks and Computer Security Coursework Paper, North Carolina State University, USA (2004).
BayS.D., KiblerD.F., PazzaniM.J. and SmythP., The uci kdd archive of large data sets for data mining research and experimentation, SIGKDD Explorations2 (2000), 81.
36.
NguyenH., FrankeK. and PetrovicS., Improving effectiveness of intrusion detection by correlation feature selection, in: Availability, Reliability, and Security, 2010 ARES'10 International Conference on, IEEE (2010), 17-24.
37.
Boost C++ libraries, http://www.boost.org/, accessed: 16.12. 2015.
38.
Eigen - a C++ template library for linear algebra: Matrices, vectors, numerical solvers, and related algorithms, http://eigen.tuxfamily.org, accessed: 16.12.2015.
39.
Weka 3: Data mining software in java, http://www.cs.waikato.ac.nz/ml/weka/, accessed: 15.12. 2015.
40.
AbrahamA. and JainR., Soft computing models for network intrusion detection systems, in: Classification and Clustering for Knowledge Discovery, Springer (2005), 191-207.
41.
KononenkoI. and KukarM., Machine Learning and Data Mining: Introduction to Principles and Algorithms, Horwood Publishing, 2007.
