An Innovative Two-Stage Fuzzy kNN-DST Classifier for Unknown Intrusion Detection
Xueyan Jing1, Yingtao Bi2, and Hai Deng1
1Department of Electrical and Computer Engineering, Florida International University, USA
2Feinberg School of Medicine, Northwestern University, USA
Abstract: Intrusion detection is the essential part of network security in combating against illegal network access or malicious attacks. Due to constantly evolving nature of network attacks, it has been a technical challenge for an Intrusion Detection System (IDS) to recognize unknown attacks or known attacks with inadequate training data. In this work, an innovative fuzzy classifier is proposed for effectively detecting both unknown attacks and known attacks with insufficient or inaccurate training information. A Fuzzy C-Means (FCM) algorithm is firstly employed to softly compute and optimise clustering centers of the training datasets with some degree of fuzziness counting for inaccuracy and ambiguity in the training data. Subsequently, a distance-weighted k-Nearest Neighbors (k-NN) classifier, combined with the Dempster Shafer Theory (DST) is introduced to assess the belief functions and pignistic probabilities of the incoming data associated with each of known classes. Finally, a two-stage intrusion detection scheme is implemented based on the obtained pignistic probabilities and their entropy function to determine if the input data are normal, one of the known attacks or an unknown attack. The proposed intrusion detection algorithm is evaluated through the application of the KDD’99 datasets and their variants containing known and unknown attacks. The experimental results show that the new algorithm outperforms other intrusion detection algorithms and is especially effective in detecting unknown attacks.
Keywords: Network security, intrusion detection, FCM, classifiers, DST.
Received June 10, 2014; accepted February 10, 2015