CR · Apr 18, 2019

Intrusion Detection Mechanism Using Fuzzy Rule Interpolation

arXiv:1904.08790v1 · 20 citations · Has Code
Originality: Synthesis-oriented
AI Analysis

This is an incremental improvement for cybersecurity practitioners, offering a fuzzy logic-based approach that integrates expert knowledge with machine learning for DDOS detection.

This paper tackles the problem of detecting Distributed Denial of Service (DDOS) attacks in Intrusion Detection Systems by applying Fuzzy Rule Interpolation (FRI), resulting in a detection rate comparable to other methods while effectively decreasing the false positive rate.

Fuzzy Rule Interpolation (FRI) methods can provide deducible (interpolated) conclusions even when some situations are not explicitly defined in a fuzzy rule-based knowledge representation. This property can be beneficial in partially heuristically solved applications, where the efficiency of expert knowledge representation is combined with the precision of machine learning methods. The goal of this paper is to introduce the benefits of FRI in the Intrusion Detection Systems (IDS) application area, in the design and implementation of the detection mechanism for Distributed Denial of Service (DDOS) attacks. As the test-bed environment for the paper's example, an open source DDOS dataset and the General Public License (GNU) FRI Toolbox were applied. The performance of the FRI-IDS example application is compared to other common classification algorithms used for detecting DDOS attacks on the same open source test-bed environment. According to the results, the overall detection rate of the FRI-IDS is on par with other methods. On the example dataset it outperforms the detection rate of the support vector machine algorithm, whereas other algorithms (neural network, random forest and decision tree) recorded a slightly higher detection rate. Consequently, the FRI inference system could be a suitable approach to implement as a detection mechanism for IDS; it effectively decreases the false positive rate. Moreover, because of its fuzzy rule base knowledge representation nature, it can easily adapt expert knowledge and is also suitable for predicting the level of threat possibility.
