
JACIII Vol.26 No.5 pp. 671-683
doi: 10.20965/jaciii.2022.p0671
(2022)

Paper:

Attribute Selection Based Genetic Network Programming for Intrusion Detection System

Yuzhao Xu*, Yanjing Sun*, Zhanguo Ma**, Hongjie Zhao***, Yanfen Wang*, and Nannan Lu*,†

*School of Information and Control Engineering, China University of Mining and Technology
No.1 Daxue Road, Xuzhou, Jiangsu 221116, China

**School of Mechanics and Civil Engineering, China University of Mining and Technology
No.1 Daxue Road, Xuzhou, Jiangsu 221116, China

***School of Electronic and Information Engineering, South China University of Technology
No.381 Wushan Road, Tianhe District, Guangzhou, Guangdong 510641, China

†Corresponding author

Received: October 12, 2021
Accepted: April 18, 2022
Published: September 20, 2022
Keywords: intrusion detection, association rule mining, genetic network programming, information gain
Abstract

Intrusion detection, as a technology used to monitor abnormal behavior and maintain network security, has attracted many researchers’ attention in recent years. Among the approaches, association rule mining is one of the mainstream methods for constructing intrusion detection systems (IDS). However, existing association rule algorithms face the challenges of a high false positive rate and a low detection rate. Meanwhile, too many rules may increase uncertainty, which affects the performance of the IDS. To tackle these problems, a modified genetic network programming (GNP) is proposed for class association rule mining. Specifically, based on the property that node connections in the directed graph structure of GNP can be used to construct attribute associations, we propose to introduce information gain into GNP node selection. The most important attributes are thus selected, and the irrelevant attributes are removed before the rules are extracted. As a result, not only is the uncertainty among the class association rules alleviated, but time consumption is also reduced. The extracted rules can be applied to any classifier without affecting the detection performance. Experimental results on NSL-KDD and KDDCup99 verify the performance of the proposed algorithm.
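The attribute-selection step described in the abstract can be illustrated with a simplified sketch. This is an added example, not the authors' code: it ranks attributes by plain information gain and then enumerates single-antecedent class association rules exhaustively instead of evolving them with GNP. The records, the thresholds and all function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

ATTRS = ["protocol_type", "service", "flag"]
# Constructed records (illustrative only, not taken from NSL-KDD or KDDCup99).
# Layout: (protocol_type, service, flag, class label)
RECORDS = [
    ("tcp", "http", "SF", "normal"), ("tcp", "http", "SF", "normal"),
    ("udp", "dns", "SF", "normal"), ("tcp", "smtp", "SF", "normal"),
    ("tcp", "http", "S0", "attack"), ("tcp", "private", "S0", "attack"),
    ("udp", "private", "S0", "attack"), ("tcp", "private", "S0", "attack"),
]

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(records, idx):
    """H(class) - H(class | attribute at column idx)."""
    groups = defaultdict(list)
    for r in records:
        groups[r[idx]].append(r[-1])
    cond = sum(len(g) / len(records) * entropy(g) for g in groups.values())
    return entropy([r[-1] for r in records]) - cond

def select_attributes(records, k):
    """Keep the k attributes with the highest information gain."""
    ranked = sorted(range(len(ATTRS)),
                    key=lambda i: information_gain(records, i), reverse=True)
    return [ATTRS[i] for i in ranked[:k]]

def mine_rules(records, attrs, min_sup=0.25, min_conf=0.9):
    """Enumerate rules 'attr=value -> class' over the given attributes only."""
    rules = []
    for a in attrs:
        i = ATTRS.index(a)
        body = Counter(r[i] for r in records)            # count(attr=value)
        both = Counter((r[i], r[-1]) for r in records)   # count(attr=value, class)
        for (v, cls), n in sorted(both.items()):
            sup, conf = n / len(records), n / body[v]
            if sup >= min_sup and conf >= min_conf:
                rules.append((a, v, cls, sup, conf))
    return rules

if __name__ == "__main__":
    kept = select_attributes(RECORDS, 2)
    print("selected attributes:", kept)
    for a, v, cls, sup, conf in mine_rules(RECORDS, kept):
        print(f"{a}={v} -> {cls}  support={sup:.3f} confidence={conf:.2f}")
```

On this constructed data, `protocol_type` has zero information gain and is dropped before rule extraction, so no candidate rules are generated from it.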

Cite this article as:
Y. Xu, Y. Sun, Z. Ma, H. Zhao, Y. Wang, and N. Lu, “Attribute Selection Based Genetic Network Programming for Intrusion Detection System,” J. Adv. Comput. Intell. Intell. Inform., Vol.26 No.5, pp. 671-683, 2022.

Last updated on Apr. 22, 2024