Ontology-Based Layered Rule-Based Network Intrusion Detection System for Cybercrimes Detection

Bibliographic details
Published in: Knowledge and information systems 2024-06, Vol.66 (6), p.3355-3392
Main authors: Ayo, Femi Emmanuel, Awotunde, Joseph Bamidele, Ogundele, Lukman Adebayo, Solanke, Olakunle Olugbenga, Brahma, Biswajit, Panigrahi, Ranjit, Bhoi, Akash Kumar
Format: Article
Language: eng
Description
Summary: The need to secure Internet applications on global networks has become an important task due to the ever-increasing cybercrimes. A common technique for identifying intrusions in computer networks is the Network Intrusion Detection System (NIDS). Several Intrusion Detection Systems have been proposed previously, but these systems are still limited in detection and error rates. Additionally, most of the detection techniques used a set of static rules and manual taxonomies for the detection of intrusions. In this study, a layered rule-based NIDS using ontology was developed. The study adapted a layered attribute evaluator approach to choose the best attributes for NIDS. In order to automatically construct the rules for intrusion detection, the chosen attributes were trained with a classification tree. The created rules are then introduced into the Protégé software for the ontology classification of NIDS. In contrast with taxonomies, the generated ontology provides comprehensive definitions of the concepts inside the NIDS domain that are machine interpretable and illustrates the relationships between the concepts. The findings revealed that the developed approach has 97.431% accuracy, 97.48% precision, 97.41% recall, and 97.41% F1-score on the original dataset. Similarly, the developed approach reported 98.21% accuracy, 98.21% precision, 98.21% recall, and 98.21% F1-score on the reduced dataset. These results demonstrated that the developed approach outperformed the other similar approaches on both the original and reduced datasets. The developed approach also showed better training time compared to the other related approaches.
ISSN: 0219-1377, 0219-3116
DOI: 10.1007/s10115-024-02068-9