ADAPTIVE NEURO FUZZY INFERENCE SYSTEM FOR ATTACK

Turkish Journal of Physiotherapy and Rehabilitation; 32(3)

ISSN 2651-4451 | e-ISSN 2651-446X

www.turkjphysiotherrehabil.org 430

ADAPTIVE NEURO FUZZY INFERENCE SYSTEM FOR ATTACK

PREDICTION IN THE NETWORKS

Durairaj. M1, D. Radhika2 1Assistant Professor, Department of Computer Science and Engineering, Bharathidasan

University, Tiruchirappalli – 620 023. Email: [email protected] 2Research Scholar, Department of Computer Science and Engineering, Bharathidasan

University, Tiruchirappalli – 620 023. Email: [email protected].

ABSTRACT

With the rise of the Internet, the number of attacks has skyrocketed, and Intrusion Detection Systems (IDS)

have emerged as a critical component of information security. The aim of an intrusion detection system (IDS)

is to assist computer systems in dealing with attacks. This anomaly detection system builds a database of

regular behavior and deviations from it, which it uses to activate when intrusions occur. IDS is divided into

two types depending on the data source: host-based IDS and network-based IDS. Individual packets flowing

through the network are analyzed in network-based IDS, while activities on a single device or server are

analyzed in host-based IDS. IDS' feature selection aids in the reduction of classification time.In this paper, a

new framework is proposed with Adaptive Neuro Fuzzy Inference System (ANFIS) for an IDS, to find the

risk severity of the attacks. The proposed framework is composed Pre-Processing, Classification and Risk

Severity Prediction. In this research work, the proposed ANFIS network is designed to predict the risk

severity of the attacks in the IDS.

KEYWORDS: Intrusion Detection System, Adaptive Neuro Fuzzy Inference System (ANFIS),

Classification, Feature Selection, Risk Severity Prediction

I. INTRODUCTION

The Internet has recently become an integral part of everyday life. Present internet-based information

management systems are vulnerable to a variety of attacks, resulting in a variety of damages and substantial

losses. As a result, the value of information protection is rapidly increasing. The most fundamental aim of

information security is to create protective information systems that are protected against unauthorized access,

usage, disclosure, disturbance, alteration, or destruction. Furthermore, information protection reduces the risks

associated with the three primary security objectives of confidentiality, integrity, and availability. Various

systems have previously been developed to detect and prevent Internet-based attacks. Intrusion detection systems

(IDS) are the most important systems among them because they effectively resist external attacks. Furthermore,

IDSs serve as a line of protection against attacks on computer systems over the Internet. IDS may be used to

detect various forms of attacks on network communications and computer system use in situations where a

conventional firewall would fail. Intrusion detection is built on the premise that intruders behave differently than

authorized users [1]. Based on their detection methods, IDSs are generally divided into two categories: anomaly

detection systems and misuse detection systems [2][3]. Anomaly intrusion detection decides whether deviations

from standard use habits are intrusions. Misuse detection systems, on the other hand, efficiently detect permission

breaches. Intelligent agents and classification methods may be used to build intrusion detection systems. The

majority of IDSs have two phases: pre-processing and intrusion detection. The intrusions detected by IDSs can be

effectively avoided by implementing an intrusion prevention scheme.

1.1 Intelligent Intrusion Detection System

Intelligent IDSs are intelligent computer programs that observe the environment and function flexibly to achieve

higher detection accuracy [4][5]. They can be found in either a host or a network. These programs compute the

behavior that should be taken in the environment by understanding the environment and firing inference rules [6].

http://www.turkjphysiotherrehabil.org/


ISSN 2651-4451 | e-ISSN 2651-446X


Intelligent IDSs are capable of making decisions and testing constraints. In most intelligent systems, decision-

making is handled by either rules or agents. Furthermore, to accomplish a single target, a collection of static

agents or a set of mobile and static agents have been used. By proposing intelligent techniques for pre-processing

and effective classification, intelligent intrusion detection systems have been developed. In contrast to other

methods, such IDSs have given a higher detection rate.

1.2 Intelligent pre-processing techniques

Detecting relevant features and discarding irrelevant ones is the task of feature selection (or pre-processing), with

the goal of obtaining a subset of features that accurately represent the given problem with minimal performance

degradation. It has a number of benefits [7], including enhancing the efficiency of machine learning algorithms,

data comprehension, gaining information about the process and assisting with visualization, data reduction,

minimizing storage requirements, and assisting with processing cost reduction. Filter methods and wrapper

methods [8][9] are the two major models for feature selection. While wrapper models select features by

optimizing a predictor, filter models select features by relying on the general characteristics of the training data,

which are independent of any predictor. Wrapper models provide better results than filter models, and this model

is more accurate.

1.3 Intelligent classification techniques

Classification [10] is a technique for learning a model called a classifier from a collection of labeled data

instances known as training and then using the learned model to classify a test instance into one of the classes

known as testing. Anomaly detection techniques based on classification work in a similar two-phase method. The

available labeled training data is used to train a classifier in the training process. Using the classifier, the testing

process classifies a test instance as regular or anomalous. Anomaly detection strategies focused on classification

use either a one-class or multi-class classifier. Anomaly detection strategies based on one-class classification

presume that all training instances have only one class mark. Using a one-class classification algorithm, these

techniques learn a discriminative boundary around the usual instances. Anomaly is declared for any test instance

that does not fall within the learned boundary. Anomaly detection techniques focused on multi-class

classification presume that the training data includes classified instances belonging to several normal classes [11].

A classifier can learn to differentiate between each regular class and the rest of the classes using anomaly

detection techniques. If none of the classifiers classify a test instance as natural, it is called anomalous. In this

subcategory, some techniques associate a confidence score with the classifier's prediction. The test instance is

considered anomalous if none of the classifiers is secure in classifying it as natural.

II. RELATED WORKS

Elhag, S., et al [12] Evolutionary Fuzzy Systems now have a complete taxonomy. The authors then went through

a few of the ideas that have been introduced in this research field to solve Intrusion Detection Systems. Finally,

the authors provided a case study that demonstrated the effectiveness of Evolutionary Fuzzy Systems in this

situation.

Elhag, Salma, et al [13] for the creation of a system that can be trained using various metrics, a multi-objective

evolutionary fuzzy system was suggested. More precise solutions are expected to be obtained by expanding the

search space during model optimization. Furthermore, this scheme enables the end user to choose from a wide

range of solutions which is best suited to the current network characteristics.

Selvakumar, K., et al [14] proposed an adaptive IDS based on Fuzzy Rough Sets for attribute selection and

Allen's interval algebra, which is used on network trace datasets to pick a large number of attack data for

successful attack prediction in WSNs. In addition, for successful classification of network trace datasets, this

article proposes a fuzzy and rough collection based nearest neighbour algorithm (FRNN). This model uses a

skewed dataset of 50:50 normal and attack data, as opposed to 80:20 normal and attack data in traditional

datasets. Since biased data is used, the proposed IDS's efficiency is improved.

Pradeep Mohan Kumar, K., et al [15] proposed a new paradigm called hybrid-based intrusion detection

framework (GA-Fuzzy) for managing large volumes of NSL-KDD Dataset in order to efficiently detect attacks

and reduce the rate of misclassification alarms. The Genetic Algorithm (GA) is used to create new patterns (new

characteristics, records) in order to efficiently train the Fuzzy classifier.



ISSN 2651-4451 | e-ISSN 2651-446X


Elisa, Noe, et al [16] proposed a method for computing the three output background values of the Dendritic cell

algorithm (DCA) using the recently proposed TSK+ fuzzy inference system, with the weights always being

optimal for the data set given for a particular application. The proposed method was tested and validated using

the two most common datasets, KDD99 and UNSW NB15.

Sathesh, A [17] To detect intrusions that trigger security issues in social networks, researchers merged soft

computing techniques and framed an improved soft computing approach. The paper's proposed method used an

improved soft computing methodology that combined fuzzy logic, decision trees, K means -EM, and machine

learning in pre-processing, feature reduction, clustering, and classification to build a security strategy that is more

efficient than conventional computations in detecting social network misuse.

Senthilnayaki, Balakrishnan, Krishnan Venkatalakshmi, and ArputharajKannan [18] Using the Maximum

Dependency Maximum Significance algorithm, a new feature selection algorithm is proposed. This algorithm is

used to pick the smallest number of attributes from a data collection of information Discovery and Data (KDD).

Furthermore, a new K-Nearest Neighborhood-based algorithm for classifying data sets is proposed. This

proposed feature selection algorithm significantly eliminates unnecessary attributes or functions, and the

classification algorithm effectively determines the form of intrusion.

Ali, Ahmed Hussein [19] to overcome the problem of data redundancy in IDS, the Fuzzy Generalized Hebbian

Algorithm was proposed as a novel data reduction process. In this analysis, two dimensionality reduction

methods (GHA and Fuzzy GHA) were used and compared. This allowed the network's most important traffic

data information to be saved. In addition, the K Nearest Neighbor algorithm was used to divide the test

connections into two groups (attack or normal).

III. PROPOSED RISK SEVERITY PREDICTION OF ATTACKS USING ADAPTIVE NEURO FUZZY

INFERENCE SYSTEM

3.1 Fuzzy Inference System

The Fuzzy Inference System (FIS) is a decision-making process that takes input values and generates fuzzy

output values using logic rules [59, 60]. Real-world observations (which can be crisp or fuzzy values) and fuzzy

logic rules (i.e., IF-THEN rules) are often needed to make decisions [21]. The Mamdani Fuzzy Inference System

and the Takagi-Sugeno Fuzzy Model are two different types of fuzzy inference systems. In this paper, the ANFIS

version of the Takagi-Sugeno Fuzzy Model is used to assess the intensity of attack risk.

3.2 Adaptive Neuro Fuzzy Inference System (ANFIS)

Traditional Fuzzy Inference Systems (FIS) have the downside of requiring users to design the rules, which is

often impractical since the relationship between inputs and outputs in certain decision-making problems is not

straightforward and there are no intuitive methods to design the rules. In the meantime, artificial intelligence-

based approaches are gaining popularity, and the artificial neural network (ANN) is a model that can learn

characteristics and rules from vast amounts of data. The aim of ANN is to reduce performance error by changing

the coefficients in the networks.

Jiang et al. [21] In 1993, Adaptive Neuro-Fuzzy Inference System was introduced, which merged FIS with neural

networks to solve the limitations of FIS (ANFIS). ANFIS is basically a five-layer neural network. Equations (1)

and (2) can be used to display the constructed rules if there are two input parameters, z and y, and one output

parameter, f. (2).

In this case, 𝑀1,𝑀2,𝑁1 and 𝑁2 are fuzzy sets, and 𝑓1 and 𝑓2 are the resultant outputs. When the training phase is

run, the value of design parameters 𝑧𝑖, 𝑦𝑖 and 𝑝𝑖can also be determined. In the following line, the detailed steps of

ANFIS exploitation are clarified. The use of ANFIS is broken down into six steps:



ISSN 2651-4451 | e-ISSN 2651-446X


Step 1:Data collection: The aim of this phase is to gather a dataset for training and testing that includes inputs and

outputs. As input and output variables, the variables from the dataset and one variable (i.e. attackseverity) are

chosen.

Step 2:Construct Fuzzy Sets: ANFIS is a fuzzy inference method in which membership functions and fuzzy sets

should be described during the ANFIS preparation process, as done in this paper to find fuzzy sets for the output

variable (Attack Severity). The triangular membership function is one of the simplest among the other forms and

can be easily extended to the parameters. In this article, the triangular membership function is used as in Equation

(3).

The lower, median, and upper limits of fuzzy sets, which are user parameters, are represented by a, b, and c. Each

input's linguistic variable corresponds to a fuzzy set and has a triangular membership function with various

parameters (i.e., a, b, c). The graph of the triangular membership function is shown in Figure 2.

Figure 1: Triangular Fuzzy Set Membership Function

If the data collected is in the form of linguistic data, each linguistic input must be converted by translating it to

numerical values using the equation (4):

Step 3:Divide the Dataset into Training and Test Datasets: Two datasets, a training set and a test set, are needed

to train the ANFIS model and to evaluate the output of the trained model. These can be found by splitting the

entire dataset into two bits.

Step 4: Train the ANFIS model: This phase is divided into five stages, each of which is required for training the

Sugeno-type FIS, as described below. The rules can be learned by ANFIS using a large amount of training data.

Since the rules are encoded in layer 4 of ANFIS, it is necessary to train the coefficients in this layer in order to

represent the rules in ANFIS. Coefficients in layer 4 are initialized with random numbers and inputs in the dataset

provided to ANFIS to calculate an output to train the ANFIS with the training dataset generated in the previous

phase. The estimated output is then compared to the dataset's ground truth output, and the coefficients are

modified based on the output errors calculated by ANFIS. Many methods for modifying coefficients based on

performance errors have been proposed. The least square method and the back propagation algorithm are the two

most commonly used methods. Forward propagation and least squares estimation are used as learning algorithms

for parameters associated with the input and output membership functions, respectively, in this study.



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 2: The ANFIS architecture with two inputs and one output

Layer 1 – Fuzzification Layer

The input values are fuzzified using membership functions in the first layer of ANFIS. This layer's output is used

as the data for layer 2. Equation (5) is used to measure the contribution of the fuzzification layer:

The membership function for input z and linguistic variable𝑀𝑖is 𝜇𝑀𝑖(𝑧).

Layer 2 – Product Layer

This layer measures the rule's firing power (the weight). The membership function weights (𝑤𝑖) is determined

using the equation (6), as shown in Figure 2.

Where 𝑤𝑖 denotes the rule weights, which are used as layer 3's data. The weights of rules in ANFIS are similar to

the weights of biases in conventional ANN [20].

Layer 3 – Normalization Layer

ANFIS uses Equation (7) to normalize the weight values obtained from layer 2 in this layer:

The aim of normalization is to substitute each weight value in the number of all weights with its ratio. The weight

value ranges can be constrained into [0, 1] by normalization.

Layer 4 – De-Fuzzification Layer

The weighted output is computed in the de-fuzzification layer by multiplying the measured normalized weight

(�̅�𝑖) by the product of the linear regression model associated with the current node as equation (8):

The weighted output and output of ithrule are represented by �̅�𝑖𝑓𝑖and 𝑓𝑖, respectively. 𝑚𝑖, 𝑛𝑖 and 𝑝𝑖 are also

related parameters. These coefficients encode the rules and are obtained via the ANFIS training phase.

Layer 5 – Output Layer



ISSN 2651-4451 | e-ISSN 2651-446X


Equation (9) is used to produce the overall performance of ANFIS in this layer:

The outputs from the previous layer are represented by�̅�𝑖𝑓𝑖 (i.e layer 4).

Step 5: Assess the model: The test dataset generated in Step 3 is used in this step to evaluate ANFIS' performance

by comparing the dataset's ground truth output to the output measured by ANFIS. Since the test dataset is

separate from the training dataset, the risk intensity with the test dataset can be used to assess the fuzzy inference

system's generalization capacity.

Step 6: Examine the model's accuracy: Some output indices, such as RMSE (Root Mean Square Error) and

MAPE (Mean Absolute Percentage Error), are used to further check the accuracy of ANFIS prediction.

IV. RESULT AND DISCUSSION

ANFIS is implemented with MATLAB R2019a for the risk severity prediction of attacks detected in the previous

proposed Hybrid classification method. 18 features are selected from the previous feature selection work [20].

Those features are considered in this paper to find the severity of the attack in the network.

4.1 Input Membership Function

Duration:

This variable Duration represents the length (number of seconds) of the connection in the network. Table 1 gives

the fuzzy table for input variable duration and its membership function has given in the figure 3.

Table 1: Fuzzy Table for Input Variable Duration

Input Field Range Linguistic Representation

Duration

0-10Seconds

11-30 Seconds

>30 Seconds

Time 1

Time 2

Time 3

Figure 3: Membership Function Plot for Input Variable “Duration”.X-axis: Input Variable “Duration”, Y-axis: Membership

Degree of “Duration”

Protocol_type:

This variable protocol_type represents the type of the protocol, e.g. TCP, UDP,ICMPetc that to be used in the

network. Table 2 gives the fuzzy table for the input variable protocol_type and its membership has presented in

the figure 4.

Table 2: Fuzzy Table for Input Variable Protocol_Type


Protocol_Type

0-3

3-6

5-9.5

TCP

UDP

ICMP



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 4: Membership Function Plot for Input Variable “Protocol_Type”.X-axis: Input Variable “Protocol_Type”, Y-axis:

Membership Degree of “Protocol_Type”

Service:

This variable Service represents the network service on the destination, e.g., HTTP, FTP, TELNET, etc. Table 3

depicts the fuzzy table for input variable service and figure 5 gives its representation of the membership function.

Table 3: Fuzzy Table for Input Variable Service


Service

0-2

2-4

4-8

HTTP

FTP

Telnet

Figure 5: Membership Function Plot for Input Variable “Service”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “Service”

Flag:

This variable Flag represents the normal or error status of the connection. Table 4 depicts the fuzzy table for

input variable flag and figure 6 gives its representation of the membership function.

Table 4: Fuzzy Table for Input Variable Flag


Flag

0-3

3-6

6-9

Flag1 (Normal)

Flag2 (Abnormal)

Flag3 (Error)



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 6: Membership Function Plot for Input Variable “Flag”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “Flag”

Source_Bytes:

This input variable Source_Bytes represents the number of data bytes from source to destination. The following

ranges are used to describe the source_bytes size during transmission in the network. Table 5 gives the fuzzy

table for input variable source_bytes and its membership has represented in the figure 7.

Table 5: Fuzzy Table for Input Variable source_bytes


Source_Bytes

0-15000 bytes

15000-28000 bytes

28000-100000 bytes

Range 1

Range 2

Range 3

Figure 7: Membership Function Plot for Input Variable “src_bytes”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “src_bytes”

Destination_Bytes:

This input variable Destination_Bytes is used to represent the number of data bytes from destination to source.

The following ranges are used to describe the destination_bytes size during transmission in the network. Table 6

gives the fuzzy table for the input variable destination_bytes and its representation of membership has depicted in

the figure 8.

Table 6: Fuzzy Table for Input Variable Destination_bytes


Destination_Bytes

0-15000 bytes

15000-28000 bytes

28000-100000 bytes

Range 1

Range 2

Range 3



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 8: Membership Function Plot for Input Variable “dst_bytes”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “dst_bytes”

Land:

This input variable Land is used to represent the 1 if connection is from/to the same host/port; 0 otherwise. Table

7 gives the fuzzy table for the input variable Land and its representation of membership has depicted in the figure

9.

.Table 7: Fuzzy Table for Input Variable Land


Land 0

0.1-1

Different host/port

Connection from same host/port

Figure 9: Membership Function Plot for Input Variable “Land”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “Land”

Su_attempted:

This input variable Su_attempted is used to represent the 1 if ``su root'' command attempted; 0 otherwise. Table 8

gives the fuzzy table for the input variable su_attempted and its representation of membership has depicted in the

figure 10.

Table 8: Fuzzy Table for Input Variable su_attempted


Su_Attempted 0

0.1-1

No (Su_root command not attempted)

Yes (su_root command attempted



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 10: Membership Function Plot for Input Variable “su_attempted”.X-axis: Input Variable “Service”, Y-axis:

Membership Degree of “su_attempted”

Num_root:

This input variable Num_root is used to represent the number of “root” accesses. Table 9 gives the fuzzy table for

the input variable num_root and its representation of membership has depicted in the figure 11.

Table 9: Fuzzy Table for Input Variable num_root


num_root 0

0.1-1

No (No root access)

Yes (Root access)

Figure 11: Membership Function Plot for Input Variable “num_root”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “num_root”

Count:

This input variable Count is used to represent the number of connections to the same host as the current

connection in the past two seconds. Table 10 gives the fuzzy table for the input variable count and its

representation of membership has depicted in the figure 12.

Table 10: Fuzzy Table for Input Variable count


Count

1-150

151-300

301-511

Range1

Range2

Range3



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 12: Membership Function Plot for Input Variable “count”.X-axis: Input Variable “Service”, Y-axis: Membership

Degree of “count”

Synchronization Error Rate (serror_rate):

This input variable Synchronization Error Rate represents that the % of connections that have ``SYN''Errors in

the network. Table 11 presents the fuzzy table for the input variable serror_rate and its membership function has

presented in the figure 13.

Table 11: Fuzzy Table for Input Variable “serror_rate”


serror_rate

0-10%

11-30%

31-100%

Type 1

Type 2

Type 3

Figure 13: Membership Function Plot for Input Variable “serror_rate”. X-axis: Input Variable “serror_rate”, Y-axis:

Membership Degree of “serror_rate”

Srv_count:

This input variable srv_countrepresents that the number of connections to the same service as the current

connection in the past two seconds. Table 12 presents the fuzzy table for the input variable serror_rate and its

membership function has presented in the figure 14.

Table 12: Fuzzy Table for Input Variable “srv_count”


srv_count

1-150

151-300

301-511

Type 1

Type 2

Type 3



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 14: Membership Function Plot for Input Variable “srv_count”. X-axis: Input Variable “srv_count”, Y-axis:

Membership Degree of “srv_count”

rerror_rate(Response Error rate):

This input variable Response Error Rate represents that the % of connections that have “Response''Errors in the

network. Table 13 represents the fuzzy table for input variable error_rate and figure 15 gives the membership

function for the given input variable.

Table 13: Fuzzy Table for Input Variable “rerror_rate”


rerror_rate

0-25%

25-50%

50-100%

Type 1

Type 2

Type 3

Figure 15: Membership Function Plot for Input Variable “rerror_rate”. X-axis: Input Variable “rerror_rate”, Y-axis:

Membership Degree of “rerror_rate”

Diff_srv_count:

This input variable Diff_srv_count represents that the number of connections to different Services. Table 14

represents the fuzzy table for input variable Diff_srv_count and figure 16 gives the membership function for the

given input variable.

Table 14: Fuzzy Table for Input Variable “Diff_srv_count”


Diff_srv_count

1-150

151-300

301-511

Type 1

Type 2

Type 3



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 16: Membership Function Plot for Input Variable “Diff_srv_count”. X-axis: Input Variable “Diff_srv_count”, Y-

axis: Membership Degree of “Diff_srv_count”

Dst_host_count:

This input variable Dst_host_countrepresents that the count for destination host. Table 15 represents the fuzzy

table for input variable Dst_host_count and figure 17 gives the membership function for the given input variable.

Table 15: Fuzzy Table for Input Variable “Dst_host_count”


Dst_host_count

1-75

76-150

151-225

Type 1

Type 2

Type 3

Figure 17: Membership Function Plot for Input Variable “Dst_host_count”. X-axis: Input Variable “Dst_host_count”, Y-

axis: Membership Degree of “Dst_host_count”

Num_file_creations:

This input variable Num_file_creationsrepresents that the number of file creation operations. Table 16 represents

the fuzzy table for input variable num_file_creations and figure 18 gives the membership function for the given

input variable.

Table 16: Fuzzy Table for Input Variable “Num_file_creations”


Num_file_creations 0

0.1-1

No (No files created)

Yes (files created)



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 18: Membership Function Plot for Input Variable “Num_file_creations”. X-axis: Input Variable

“Num_file_creations”, Y-axis: Membership Degree of “Num_file_creations”

Num_access_file:

This input variable Num_access_file represents that the number of operations on access control files. Table 17

represents the fuzzy table for input variable Num_access_file and figure 19 gives the membership function for

the given input variable.

Table 17: Fuzzy Table for Input Variable “Num_access_file”


Num_access_file 0

0.1-1

No (no access on control files)

Yes (access on control files)

Figure 19: Membership Function Plot for Input Variable “Num_access_file”. X-axis: Input Variable “Num_access_file”, Y-

axis: Membership Degree of “Num_access_file”

Num_shell:

This input variable Num_shell represents that the number of shell prompts. Table 18 represents the fuzzy table

for input variable Num_shell and figure 20 gives the membership function for the given input variable.

Table 18: Fuzzy Table for Input Variable “Num_shell”


Num_shell 0

0.1-1

No (No shell prompts)

Yes (shell prompts)



ISSN 2651-4451 | e-ISSN 2651-446X


Figure 20: Membership Function Plot for Input Variable “Num_shell”. X-axis: Input Variable “Num_shell”, Y-axis:

Membership Degree of “Num_shell”

4.2 Output Membership Function

This output variable “Severity” is used to mention the risk severity of the attack in the network. This severity can

be classified into three stages, Low, Mild and High. These stages represent the severity suspicious of the node.

Table 19 gives the fuzzy table for the output variable severity and its membership function has presented in the

figure 21.

Table 19: Fuzzy Table for Output Variable “Severity”


Severity

0-25%

26-40%

41-100%

LOW

MILD

HIGH

Figure 21: Membership Function Plot for Output Variable “Severity”. X-axis: Input Variable “Severity”, Y-axis: Membership

Degree of “Severity”

Figure 22 depicts the graphical representation of the rule view of proposed ANFIS structure. Based on the rule

sets, the severity of the attacks can be predicted. 73 rules are generated with the triangular membership for the

given 18 input features for predicting the attack severity.

Figure 22: Rule View of the proposed ANFIS model for attack severity prediction

V. CONCLUSION

The challenge is to identify a suspicious node severity based on several factors in the KDDCUP 99 dataset, which

contains the attacks data, since these factors can contribute to a node being malicious or not. The results show

that the proposed method can be used to infer fuzzy rules from data while maintaining a reasonable balance of

accuracy and readability. Primary prevention is recommended for encouraging good nodes for routing in

networks by improved knowledge and consciousness, as well as a method to predict the likelihood of a network

cut for prevention. It will consider re-routing based on the severity of the attacks on the node. It will boost the

network's data processing speed, reliability, and service quality.



ISSN 2651-4451 | e-ISSN 2651-446X


REFERENCE

1. Buczak, Anna L., and ErhanGuven. "A survey of data mining and machine learning methods for cyber security intrusion detection." IEEE Communications surveys & tutorials 18.2 (2015): 1153-1176.

2. Buczak, Anna L., and ErhanGuven. "A survey of data mining and machine learning methods for cyber security intrusion detection." IEEE Communications surveys & tutorials 18.2 (2015): 1153-1176.

3. Sahani, Roma, et al. "Classification of intrusion detection using data mining techniques." Progress in computing, analytics and networking.Springer, Singapore, 2018.753-764.

4. Kaja, Nevrus, Adnan Shaout, and Di Ma. "An intelligent intrusion detection system." Applied Intelligence 49.9 (2019): 3235-3247.

5. Depren, Ozgur, et al. "An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks." Expert systems with Applications 29.4 (2005): 713-722.

6. Muthukumar, Balasundaram, and Praveen Kumar Rajendran. "Intelligent intrusion detection system for private cloud environment." International Symposium on Security in Computing and Communication.Springer, Cham, 2015.

7. Bilalli, Besim, et al. "Intelligent assistance for data pre-processing." Computer Standards & Interfaces 57 (2018): 101-109.

8. Jović, Alan, Karla Brkić, and Nikola Bogunović. "A review of feature selection methods with applications." 2015 38th international convention on information and communication technology, electronics and microelectronics (MIPRO).Ieee, 2015.

9. Durairaj, M., and T. S. Poornappriya. "Why Feature Selection in Data Mining Is Prominent? A Survey." International Conference on Artificial Intelligence, Smart Grid and Smart City Applications.Springer, Cham, 2019.

10. Ganapathy, Sannasi, et al. "Intelligent feature selection and classification techniques for intrusion detection in networks: a survey." EURASIP Journal on Wireless Communications and Networking 2013.1 (2013): 1-16.

11. Chauhan, Himadri, et al. "A comparative study of classification techniques for intrusion detection." 2013 International Symposium on Computational and Business Intelligence.IEEE, 2013.

12. Elhag, S., et al. "Evolutionary fuzzy systems: a case study for intrusion detection systems." Evolutionary and swarm intelligence algorithms. Springer, Cham, 2019.169-190.

13. Elhag, Salma, et al. "A multi-objective evolutionary fuzzy system to obtain a broad and accurate set of solutions in intrusion detection systems." Soft Computing 23.4 (2019): 1321-1336.

14. Selvakumar, K., et al. "Intelligent temporal classification and fuzzy rough set-based feature selection algorithm for intrusion detection system in WSNs." Information Sciences 497 (2019): 77-90.

15. Pradeep Mohan Kumar, K., et al. "Intrusion detection system based on GA‐fuzzy classifier for detecting malicious attacks." Concurrency and Computation: Practice and Experience (2019): e5242.

16. Elisa, Noe, et al. "Dendritic cell algorithm enhancement using fuzzy inference system for network intrusion detection." 2019 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE).IEEE, 2019.

17. Sathesh, A. "Enhanced soft computing approaches for intrusion detection schemes in social media networks." Journal of Soft Computing Paradigm (JSCP) 1.02 (2019): 69-79.

18. Senthilnayaki, Balakrishnan, Krishnan Venkatalakshmi, and ArputharajKannan. "Intrusion detection system using fuzzy rough set feature selection and modified KNN classifier." Int. Arab J. Inf. Technol. 16.4 (2019): 746-753.

19. Ali, Ahmed Hussein. "Fuzzy generalized Hebbian algorithm for large-scale intrusion detection system." International Journal of Integrated Engineering 12.1 (2020): 81-90.

20. Durairaj. M, D. Radhika. (2020). A CLASSIFICATION MODEL WITH OPTIMIZATION BASED FEATURE SELECTION METHOD FOR INTRUSION DETECTION SYSTEM. PalArch’s Journal of Archaeology of Egypt / Egyptology, 17(6), 9318-9334.

21. Karaboga, Dervis, and Ebubekir Kaya. "Adaptive network based fuzzy inference system (ANFIS) training approaches: a comprehensive survey." Artificial Intelligence Review 52.4 (2019): 2263-2293.

22. Sushita, K., Shanmugasundaram, N.“Performance and comparative analysis of bldc motor with pi and pid controllers” Annals of the Romanian Society for Cell Biology, 2021, 25(3), pp. 219–228

23. Shanmugasundaram, N., Sushita, K., Kumar, S.P., Ganesh, E.N.“Genetic algorithm-based road network design for optimising the vehicle travel distance” International Journal of Vehicle Information and Communication Systems, 2019, 4(4), pp. 355–374 7

24. Pradeep Kumar, S., Shanmugasundaram, N. “Pin number theft recognition and cash transaction using sixth sense technology in ATM/CDM”International Journal of Engineering and Technology(UAE), 2018, 7(2), pp. 178–180


https://www.scopus.com/authid/detail.uri?authorId=57212193701








Documents

ADAPTIVE NEURO FUZZY INFERENCE SYSTEM FOR ATTACK