Intrusion Detection Based on Rule Extraction from Dynamic Cell Structure Neural Networks

Abstract

Knowledge embedded within artificial neural networks (ANNs) is distributed over the connections and weights of neurons. So, the user considers ANN as a black box system. There are many researches investigating the area of rule extraction by ANNs. In this paper, a dynamic cell structure (DCS) neural network and a modified version of LERX algorithm are used for rule extraction. On the other hand, intrusion detection system (IDS) is known as a critical technology to secure computer networks. So, the proposed algorithm is used to develop IDS and classify the patterns of intrusion. To compare the performance of the proposed system with other machine learning algorithms, multi-layer perceptron (MLP) with output weight optimization-hidden weight optimization (OWO-HWO) training algorithm is employed with selected inputs based on the results of a feature relevance analysis. Empirical results show the superior performance of the IDS based on rule extraction from DCS, in recognizing hard-detectable attack categories, e.g. userto-root (U2R) and also offering competitive false alarm rate (FAR). Although, MLP with 25 selected input features, instead of 41 standard features introduced by knowledge discovery and data mining group (KDD), performs better in terms of detection rate (DR) and cost per example (CPE) when compared with some other machine learning methods, as well.