Dynamic fuzzy rule interpolation and its application to intrusion detection

Fuzzy rule interpolation (FRI) offers an effective approach for making inference possible in sparse rule-based systems (and also for reducing the complexity of fuzzy models). However, requirements of fuzzy systems may change over time and hence, the use of a static rule base may affect the accuracy of FRI applications. Fortunately, an FRI system in action will produce interpolated rules in abundance during the interpolative reasoning process. While such interpolated results are discarded in existing FRI systems, they can be utilized to facilitate the development of a dynamic rule base in supporting subsequent inference. This is because the otherwise relinquished interpolated rules may contain possibly valuable information, covering regions that were uncovered by the original sparse rule base. This paper presents a dynamic fuzzy rule interpolation (D-FRI) approach by exploiting such interpolated rules in order to improve the overall system's coverage and efficacy. The resulting D-FRI system is able to select, combine, and generalize informative, frequently used interpolated rules for merging with the existing rule base while performing interpolative reasoning. Systematic experimental investigations demonstrate that D-FRI outperforms conventional FRI techniques, with increased accuracy and robustness. Furthermore, D-FRI is herein applied for network security analysis, in devising a dynamic intrusion detection system (IDS) through integration with the Snort software, one of the most popular open source IDSs. This integration, denoted as D-FRI-Snort hereafter, delivers an extra amount of intelligence to predict the level of potential threats. Experimental results show that with the inclusion of a dynamic rule base, by generalising newly interpolated rules based on the current network traffic conditions, D-FRI-Snort helps reduce both false positives and false negatives in intrusion detection

ВИЯВЛЕННЯ МЕРЕЖЕВИХ ВТОРГНЕНЬ З ВИКОРИСТАННЯМ АЛ-ГОРИТМІВ МАШИННОГО НАВЧАННЯ І НЕЧІТКОЇ ЛОГІКИ

Abstract. The study proposed a model of an intrusion detection system based on machine learning using feature selection in large data sets based on ensemble learning methods. Statistical tests and fuzzy rules were used to select the necessary features. When choosing a basic classifier, the behavior of 8 machine learning algorithms was investigated. The proposed system provided a reduction in intrusion detection time (up to 60%) and a high level of attack detection accuracy. The best classification results for all studied datasets were provided by tree-based classifiers: DesignTreeClassifier, ExtraTreeClassifier, RandomForestClassifier. With the appropriate setting, choosing Stacking or Bagging classifier for model training using all data sets provides a small increase in the classification accuracy, but significantly increases the training time (by more than an order of magnitude, depending on the base classifiers or the number of data subsets). As the number of observations in the training dataset increases, the effect of increasing training time becomes more noticeable. The best indicators in terms of learning speed were provided by the VotingClassifier, built on the basis of algorithms with maximum learning speed and sufficient classification accuracy. The training time of the classifier using FuzzyLogic practically does not differ from the training time of the voting classifier (approximately 10-15% more). The influence of the number of features on the training time of the classifiers and the VotingClassifier ensemble depends on the behavior of the base classifiers. For ExtraTreeClassifier, the training time is weakly dependent on the number of features. For DesignTree or KNeibors (and, as a result, for the Voting classifier in general), the training time increases significantly with the increase in the number of features. Reducing the number of features on all datasets affects the estimation accuracy according to the criterion of average reduction of classification errors. As long as the group of features in the training dataset contains the first in the list of features with the greatest influence, the accuracy of the model is at the initial level, but when at least one of the features with a large influence is excluded from the model, the accuracy of the model drops dramatically.Анотація. У дослідженні була запропонована модель системи виявлення вторгнень на основі машинного навчання з використанням вибору ознак у великих наборах даних на основі методів ансамблевого навчання. Для вибору необхідних ознак було використано статистичні тести та нечіткі правила. При виборі базового класифікатора було досліджено поведінку 8 алгоритмів машинного навчання. Запропонована система забезпечила скорочення часу виявлення вторгнень (до 60%) та високий рівень точності виявлення атак. Найкращі результати класифікації для усіх досліджених наборів даних забезпечили класифікатори на основі дерев: DecignTreeClassifier, ExtraTreeClassifier, RandomForestClassifier. При відповідному налаштуванні обрання Stacking або Bagging класифікатора для навчання моделі з використанням усіх наборів даних забезпечує невеличке підвищення точності класифікацій, але суттєво збільшує час навчання(більш ніж на порядок, в залежності від базових класифікаторів або кількості підмножин даних). При збільшенні кількості спостережень в наборі даних для навчання ефект зростання часу навчання стає більш помітним. Найкращі показники за швидкістю навчання забезпечив класифікатор VotingClassifier, побудований на базі алгоритмів з максимальною швидкістю навчання і достатньою точністю класифікації. Час навчання класифікатора з використанням FuzzyLogic практично не відрізняється від часу навчання вотуючого класифікатора (більше приблизно на 10-15%). Вплив кількості ознак на час навчання класифікаторів і ансамбля VotingClassifier залежить від поведінки базових класифікаторів. Для ExtraTreeClassifier час навчання слабко залежить від кількості ознак. Для DesignTree або KNeibors (і, як наслідок, для класифікатора Voting в цілому) час навчання помітно зростає зі збільшенням кількості ознак. Зменшення кількості ознак на усіх наборах даних впливає на точність оцінювання відповідно до критерію середнього зменшення помилок класифікації. Поки група ознак в наборі даних для навчання містить перши за списком ознаки з найбільшим впливом, точність моделі знаходиться на початковому рівні, але при виключенні з моделі хоча б однієї з ознак з великим впливом, точність моделі стрибкоподібно знижується

Dendritic Cell Algorithm with Optimised Parameters using Genetic Algorithm

Intrusion detection systems are developed with the abilities to discriminate between normal and anomalous traffic behaviours. The core challenge in implementing an intrusion detection systems is to determine and stop anomalous traffic behavior precisely before it causes any adverse effects to the network, information systems, or any other hardware and digital assets which forming or in the cyberspace. Inspired by the biological immune system, Dendritic Cell Algorithm (DCA) is a classification algorithm developed for the purpose of anomaly detection based on the danger theory and the functioning of human immune dendritic cells. In its core operation, DCA uses a weighted sum function to derive the output cumulative values from the input signals. The weights used in this function are either derived empirically from the data or defined by users. Due to this, the algorithm opens the doors for users to specify the weights that may not produce optimal result (often accuracy). This paper proposes a weight optimisation approach implemented using the popular stochastic search tool, genetic algorithm. The approach is validated and evaluated using the KDD99 dataset with promising results generated

Job Shop Planning and Scheduling for Manufacturers with Manual Operations

Job shop scheduling systems are widely employed to optimise the efficiency of machine utilisation in the manufacturing industry, by searching the most cost-effective permutation of job operations based on the cost of each operation on each compatible machine and the relations between job operations. Such systems are paralysed when the cost of operations are not predictable led by the involvement of complex manual operations. This paper proposes a new genetic algorithm-based job shop scheduling system by integrating a fuzzy learning and inference sub-system in an effort to address this limitation. In particular, the fuzzy sub-system adaptively estimates the completion time and thus cost of each manual task under different conditions based on a knowledge base which is initialised by domain experts and then constantly updated based on its built-in learning ability and adaptability. The manufacturer of Point of Sale and Point of Purchase products is taken in this paper as an example case for both theoretical discussion and experimental study. The experimental results demonstrate the promising of the proposed system in improving the efficiency of manual manufacturing operations

Adaptive ankle impedance control for bipedal robotic upright balance

Upright balance control is a fundamental skill of bipedal robots for various tasks that are usually performed by human beings. Conventional robotic control is often realized by developing accurate dynamic models using a series of fixed torque-ankle states, but their success is subject to accurate physical and kinematic models. This can be particularly challenging when external disturbing forces present, but this is common in unstructured robotic working environments, leading to ineffective robotic control. To address such limitation, this paper presents an adaptive ankle impedance control method with the support of the advances of adaptive fuzzy inference systems, by which the desired ankle torques are generated in real time to adaptively meet the dynamic control requirement. In particular, the control method is initialised with specific external disturbing forces first representing a general situation, which then evolves whilst performing in a real-world working environment by acting on the feedback from the control system. This is implemented by initialising a rule base for a typical situation, and then allowing the rule base to evolve to specific robotic working environments. This closed loop feedback and action mechanism timely and effectively configures the control system to meet the dynamic control requirements. The proposed control method was applied to a bipedal robot on a moving vehicle for system validation and evaluation, with robotic loads ranging from 0 to 1.65 kg and external disturbances in terms of vehicle acceleration ranging from 0.5 to 1.5 m/s, leading to robotic swing angles up to 7.6º and anti-disturbance timespans up to 8.5 s. These experimental results demonstrate the power of the proposed upright balance control method in improving the robustness, and thus applicability, of bipedal robots