Full Text:   <2461>

CLC number: TP393

On-line Access: 

Received: 2003-05-21

Revision Accepted: 2003-07-21

Crosschecked: 0000-00-00

Cited: 16

Clicked: 8448

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
1. Reference List
Open peer comments

Journal of Zhejiang University SCIENCE A 2004 Vol.5 No.9 P.1076~1086


Intrusion detection using rough set classification

Author(s):  ZHANG Lian-hua, ZHANG Guan-hua, YU Lang, ZHANG Jie, BAI Ying-cai

Affiliation(s):  Department of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai 200030, China; more

Corresponding email(s):   a000309035@21cn.com

Key Words:  Intrusion detection, Rough set classification, Support vector machine, Genetic algorithm

Share this article to: More

ZHANG Lian-hua, ZHANG Guan-hua, YU Lang, ZHANG Jie, BAI Ying-cai. Intrusion detection using rough set classification[J]. Journal of Zhejiang University Science A, 2004, 5(9): 1076~1086.

@article{title="Intrusion detection using rough set classification",
author="ZHANG Lian-hua, ZHANG Guan-hua, YU Lang, ZHANG Jie, BAI Ying-cai",
journal="Journal of Zhejiang University Science A",
publisher="Zhejiang University Press & Springer",

%0 Journal Article
%T Intrusion detection using rough set classification
%A ZHANG Lian-hua
%A ZHANG Guan-hua
%A YU Lang
%A BAI Ying-cai
%J Journal of Zhejiang University SCIENCE A
%V 5
%N 9
%P 1076~1086
%@ 1869-1951
%D 2004
%I Zhejiang University Press & Springer
%DOI 10.1631/jzus.2004.1076

T1 - Intrusion detection using rough set classification
A1 - ZHANG Lian-hua
A1 - ZHANG Guan-hua
A1 - YU Lang
A1 - ZHANG Jie
A1 - BAI Ying-cai
J0 - Journal of Zhejiang University Science A
VL - 5
IS - 9
SP - 1076
EP - 1086
%@ 1869-1951
Y1 - 2004
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/jzus.2004.1076

Recently machine learning-based intrusion detection approaches have been subjected to extensive researches because they can detect both misuse and anomaly. In this paper, rough set classification (RSC), a modern learning algorithm, is used to rank the features extracted for detecting intrusions and generate intrusion detection models. Feature ranking is a very critical step when building the model. RSC performs feature ranking before generating rules, and converts the feature ranking to minimal hitting set problem addressed by using genetic algorithm (GA). This is done in classical approaches using support vector machine (SVM) by executing many iterations, each of which removes one useless feature. Compared with those methods, our method can avoid many iterations. In addition, a hybrid genetic algorithm is proposed to increase the convergence speed and decrease the training time of RSC. The models generated by RSC take the form of “IF-THEN” rules, which have the advantage of explication. Tests and comparison of RSC with SVM on DARPA benchmark data showed that for Probe and DoS attacks both RSC and SVM yielded highly accurate results (greater than 99% accuracy on testing set).

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article


[1] Aleksander, Ø., 1999. Discernibility and Rough Sets in Medicine: Tools and Applications. PhD Dissertation, http://www.idi.ntnu.no/~aleks/thesis.

[2] Allen, J., Christie, A., Fithen, W., McHugh, J., Pickel, J., Stoner, E., 2000. State of the Practice of Intrusion Detection. Technical Report, http://www.sei.cmu.edu/pub/.

[3] Anders, T.B., 1997. Rough Enough(A System Supporting the Rough Sets Approach. Sixth Scandinavian Conference on Artificial Intelligence SCAI’97.

[4] Bazan, J.G., Skowron, A., Synak, P., 1994. Dynamic Reducts as A Tool for Extracting Laws from Decision Tables. Proceedings of ISMIS’94. Lecture Notes in Artificial Intelligence 869. Springer-Verlag, Berlin, p.346-355.

[5] Chang, C., Lin, J., 2003. LIBSVM, A Library for Support Vector Machines. http://www.csie.ntu.edu.tw/~cjlin/libsvm/.

[6] Goldberg, D.E., 1989. Genetic Algorithms in Search, Optimization, and Machine Learning. Addison-Wesley, Reading, M.A.

[7] James, C., 1998. The Application of Artificial Neural Networks to Misuse Detection: Initial Results. RAID98, Louvain-la-Neuve, Belgium, p.14-16.

[8] KDD, 1999. http://kdd.ics.uci.edu/databases/kddcup99/task.html.

[9] Pawlak, Z., 1982. Rough sets. International Journal of Computer and Information Sciences, 11:341-356.

[10] Srinivas, M., Sung, A., 2002. Feature Ranking and Selection for Intrusion Detection. Proceedings of the International Conference on Information and Knowledge Engineering.

[11] Wang, G.Y., eds, 2001. Rough Set Theory and Knowledge Acquistion. Xi’an Jiaotong University Press, Xi’an (in Chinese).

[12] Wang, J., Tao, Q., 2003. Rough Set Theory and Statistical learning Theory. In: Lu, R.Z., ed., Knowledge Science and Computing Science. Tsinghua University Press, Beijing, p.49 (in Chinese).

[13] Wenke, L., 1999. A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems. PhD dissertation, http://www.cc.gatech.edu/~wenke/.

[14] Wroblewski, J., 1995. Finding Minimal Reducts Using Genetic Algorithms. Proc. of the second Annual Join Conference on Information Sciences. Wrightsvillle Beachm, NC, p.186-189.

Open peer comments: Debate/Discuss/Question/Opinion



2015-01-31 01:03:10

i am a student of phd for research this article is required

Please provide your name, email address and a comment

Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - Journal of Zhejiang University-SCIENCE