Galal, Omar and Nasr, Ahmed and Rizkallah, Lydia (2023) A RULE LEARNING APPROACH FOR BUILDING AN EXPERT SYSTEM TO DETECT NETWORK INTRUSIONS. International Journal of Intelligent Computing and Information Sciences, 23 (1). pp. 106-114. ISSN 2535-1710
IJICIS_Volume 23_Issue 1_Pages 106-114.pdf - Published Version
Download (352kB)
Abstract
Network intrusion detection is the problem of detecting suspicious requests through networks. In recent years, many researchers focus on addressing this problem in the context of machine learning. Although machine learning algorithms are powerful, most of them lack the power of interpretability. Expert systems, on the other hand, are knowledge-based systems designed to simulate the problem-solving behavior of human experts. Expert systems possess the advantage of interpretability through an explanation mechanism that justifies its own line of reasoning, however, they need the availability of a domain expert. This paper proposes the use of rule learning approaches to gain the best of both fields, being interpretable as expert system and learnable through collected datasets without the need for explicit expertise. A separate and conquer rule learning approach is proposed for network intrusion detection. Our results show that the separate and conquer approach achieves a 0.99 weighted average F1-score on the test set which makes it very comparative to both decision trees and classical machine learning approaches. We also show that rules produced using separate and conquer are much simpler than decision trees and more interpretable.
Item Type: | Article |
---|---|
Subjects: | STM Digital Library > Computer Science |
Depositing User: | Unnamed user with email support@stmdigitallib.com |
Date Deposited: | 29 Jun 2023 04:28 |
Last Modified: | 30 May 2024 07:06 |
URI: | http://archive.scholarstm.com/id/eprint/1578 |