A Learnable Anomaly Detection System using Attributional Rules

  • A. Nasr A
  • M. Ezz M
  • et al.

Abstract

Continuously changing networks introduce new attacks, which represent an explicit problem that affects the security of enterprise resources. Thus, there is a real need to build intelligent intrusion detection systems that can learn from network behavior. In this paper, a learnable anomaly intrusion detection system based on attributional rules is presented. The proposed model was chosen for its advantages of being expressive and flexible and of being able to operate in noisy and inconsistent environments. The system is a real-time intrusion detector that utilizes an incremental supervised machine learning technique. This technique makes use of the Algorithm Quasi-optimal (AQ), which is based on attributional calculus. Here, an Algorithm Quasi-optimal for Intrusion Detection System (AQ4IDS) is exploited and implemented using attributional rules to discriminate between normal and anomalous network traffic. The behavior of AQ4IDS is tested to illustrate its superiority. The experimental results showed that the model automatically accommodates new rules from a continuous network stream. Many experiments have verified that AQ4IDS can efficiently discriminate between normal and anomalous network traffic, in addition to offering the advantage of detecting novel and zero-day attacks.

Cite

A. Nasr, A., M. Ezz, M., & Z. Abdulmaged, M. (2016). A Learnable Anomaly Detection System using Attributional Rules. International Journal of Computer Network and Information Security, 8(11), 58–64. https://doi.org/10.5815/ijcnis.2016.11.07
