Network intrusion detection using fuzzy class association rule mining based on genetic network programming

Computer systems are exposed to an increasing number and type of security threats due to the expanding of Internet in recent years. How to detect network intrusions effectively becomes an important techniques. This paper presents a novel fuzzy class association rule mining method based on Genetic Network Programming (GNP) for detecting network intrusions. GNP is an evolutionary optimization techniques, which uses directed graph structures as genes instead of strings (Genetic Algorithm) or trees (Genetic Programming), leading to creating compact programs and implicitly memorizing past action sequences. By combining fuzzy set theory with GNP, the proposed method can deal with the mixed database which contains both discrete and continuous attributes. And it can be flexibly applied to both misuse and anomaly detection in Network Intrusion Detection Problem. Experimental results with KDD99Cup and DAPRA98 databases from MIT Lincoln Laboratory show that the proposed method provides a competitively high detection rate compared with other machine learning techniques.