A RULE LEARNING APPROACH FOR BUILDING AN EXPERT SYSTEM TO DETECT NETWORK INTRUSIONS

Network intrusion detection is the problem of detecting suspicious requests through networks. In recent years, many researchers focus on addressing this problem in the context of machine learning. Although machine learning algorithms are powerful, most of them lack the power of interpretability. Expert systems, on the other hand, are knowledge-based systems designed to simulate the problem-solving behavior of human experts. Expert systems possess the advantage of interpretability through an explanation mechanism that justifies its own line of reasoning, however, they need the availability of a domain expert. This paper proposes the use of rule learning approaches to gain the best of both fields, being interpretable as expert system and learnable through collected datasets without the need for explicit expertise. A separate and conquer rule learning approach is proposed for network intrusion detection. Our results show that the separate and conquer approach achieves a 0.99 weighted average F1-score on the test set which makes it very comparative to both decision trees and classical machine learning approaches. We also show that rules produced using separate and conquer are much simpler than decision trees and more interpretable.