Intrusion Detection Mechanism Using Fuzzy Rule Interpolation
Mohammad Almseidin, Szilveszter Kovacs

TL;DR
This paper explores the application of Fuzzy Rule Interpolation (FRI) in intrusion detection systems, demonstrating its competitive detection performance and adaptability for identifying DDoS attacks with reduced false positives.
Contribution
It introduces the use of FRI in IDS for DDoS attack detection, showing its effectiveness and ease of integrating expert knowledge compared to traditional classification methods.
Findings
FRI-based IDS achieves detection rates comparable to other classifiers.
FRI outperforms SVM in detection rate on the test dataset.
The FRI system reduces false positive rates in intrusion detection.
Abstract
Fuzzy Rule Interpolation (FRI) methods can serve deducible (interpolated) conclusions even if some situations are not explicitly defined in a fuzzy rule-based knowledge representation. This property can be beneficial in partially heuristically solved applications, where the efficiency of expert knowledge representation is mixed with the precision of machine learning methods. The goal of this paper is to introduce the benefits of FRI in the Intrusion Detection Systems (IDS) application area, in the design and implementation of the detection mechanism for Distributed Denial of Service (DDOS) attacks. In the example of the paper, an open source DDOS dataset and the General Public License (GNU) FRI Toolbox were applied as a test-bed environment. The performance of the FRI-IDS example application is compared to other common classification algorithms used for detecting DDOS attacks on the…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Network Packet Processing and Optimization
