Enhanced Adaptive Neuro-Fuzzy Inference System Classification Method for Intrusion Detection

Jia, Liu (2024) Enhanced Adaptive Neuro-Fuzzy Inference System Classification Method for Intrusion Detection. PhD thesis, Universiti Malaysia Sarawak.

	PDF Thesis PhD_Liu Jia - 24 pages.pdf Download (342kB)
	PDF Thesis PhD_Liu Jia.dsva.pdf Restricted to Repository staff only Download (799kB)
	PDF (Please get the password by email to repository@unimas.my , or call ext: 3942 / 3973 / 3933) Thesis PhD_Liu Jia.ftext.pdf Restricted to Registered users only Download (2MB)

Abstract

Nowadays, the rapid advancement of technologies such as e-commerce, mobile payments, cloud computing, big data and analytics, IoT, AI, machine learning, and social media has greatly contributed to economic growth. However, it has also resulted in an increased frequency of cyberattacks. In order to ensure network security, intrusion detection has become a crucial technology. However, due to the inherent uncertainty in distinguishing between normal and abnormal behaviours, intrusion detection problems can be considered as fuzzy classification problems. Many traditional classification methods are inadequate in handling this fuzziness, leading to suboptimal performance in intrusion detection. To address this issue, the Adaptive-Network-based Fuzzy Inference System (ANFIS) has emerged as a promising approach. ANFIS combines the uncertainty processing ability of fuzzy logic with the learning process of Neural Networks (NNs). It has demonstrated excellent performance in various domains, including intrusion detection. However, due to the constraint of having only 5 layers, ANFIS is unable to identify higher-level and more abstract representations of the data. To address this problem, this study first uses CART (Classification and Regression Tree) to enhance the depth of ANFIS, providing a deeper and interpretable hybrid architecture. The method is then compared to single CART, single ANFIS, BPNN, GA-ANFIS, PSO-ANFIS, and CSO-ANFIS. The results demonstrate a detection rate of 99.86% and a false alarm rate of 0.14% on the intrusion detection dataset, KDDTrain+, which is one of the most widely used benchmark datasets. The proposed method outperforms CSO-ANFIS by exhibiting a 4.06% higher detection rate (improving from 95.80%) and a 2.31% lower false alarm rate (compared to 3.45%). On the KDDTest+ dataset, the proposed method also outperforms single CART and ANFIS in terms of various metrics other than precision. Since the CART tree is a binary tree, it can only represent the relationship between data through a split based on a single attribute at a single tree node. Therefore, this binary tree cannot analyse complex features of mixed attributes and restricts the CART tree's deep-level feature recognition ability. Although the combination of ANFIS and CART provides deeper feature recognition for ANFIS, it still lacks the ability to recognize deep-level features and mixed-attribute features due to the limitations of both ANFIS and CART. Therefore, deep-level feature analysis, recognizing complex and mixed factors, has essential research value and significance for improving the efficiency and accuracy of intrusion detection. This study further enhances the depth of ANFIS and identifies deep features by using the ResNet (Residual Network) with ANFIS. The proposed hybrid model is able to deepen the structure of ANFIS and provide a deep and hybrid architecture. A comparison study with the proposed method with MVO-ANN, FC-ANN, DN, CSO-ANFIS, single ANFIS and single ResNet is conducted. The results show improved performance with a 10.68% better detection rate (improving from 88.2%) and a 10.68% lower false alarm rate (compared to 11.79%) than a single ANFIS. Furthermore, the proposed method outperforms MVO-ANN, FC-ANN, DN, CSO-ANFIS, single ANFIS, and single ResNet in terms of detection rate, F1-score, and recall rate. Additionally, standard deviation and proposed adaptive K-means algorithms have been employed to minimize the generated rules by ANFIS from the proposed hybrid models. This approach can dynamically minimize the interval number of each continuous attribute. As a result, the number of fuzzy rules generated by ANFIS is reduced, subsequently improving the training and prediction efficiency of the proposed hybrid models.

Actions (For repository members only: login required)

View Item