A RULE LEARNING APPROACH FOR BUILDING AN EXPERT SYSTEM TO DETECT NETWORK INTRUSIONS

Galal, Omar and Nasr, Ahmed and Rizkallah, Lydia (2023) A RULE LEARNING APPROACH FOR BUILDING AN EXPERT SYSTEM TO DETECT NETWORK INTRUSIONS. International Journal of Intelligent Computing and Information Sciences, 23 (1). pp. 106-114. ISSN 2535-1710

[thumbnail of IJICIS_Volume 23_Issue 1_Pages 106-114.pdf] Text
IJICIS_Volume 23_Issue 1_Pages 106-114.pdf - Published Version

Download (352kB)

Abstract

Network intrusion detection is the problem of detecting suspicious requests through networks. In recent years, many researchers focus on addressing this problem in the context of machine learning. Although machine learning algorithms are powerful, most of them lack the power of interpretability. Expert systems, on the other hand, are knowledge-based systems designed to simulate the problem-solving behavior of human experts. Expert systems possess the advantage of interpretability through an explanation mechanism that justifies its own line of reasoning, however, they need the availability of a domain expert. This paper proposes the use of rule learning approaches to gain the best of both fields, being interpretable as expert system and learnable through collected datasets without the need for explicit expertise. A separate and conquer rule learning approach is proposed for network intrusion detection. Our results show that the separate and conquer approach achieves a 0.99 weighted average F1-score on the test set which makes it very comparative to both decision trees and classical machine learning approaches. We also show that rules produced using separate and conquer are much simpler than decision trees and more interpretable.

Item Type: Article
Subjects: STM Digital Library > Computer Science
Depositing User: Unnamed user with email support@stmdigitallib.com
Date Deposited: 29 Jun 2023 04:28
Last Modified: 30 May 2024 07:06
URI: http://archive.scholarstm.com/id/eprint/1578

Actions (login required)

View Item
View Item