
Fuzzy Logic

In document Detecting network intrusions (Pages 44-47)

2.3 Recent approaches

2.3.6 Fuzzy Logic

2.3.6.1 Theory

Fuzzy logic is a form of many-valued logic or probabilistic logic; it deals with reasoning that is approximate rather than fixed and exact (Wikipedia [16]). Compared to traditional binary sets (where variables may take on true or false values), fuzzy logic variables may have a truth value that ranges in degree between 0 and 1. Fuzzy logic has been extended to handle the concept of partial truth, where the truth value may range between completely true and completely false.

Furthermore, when linguistic variables are used, these degrees may be managed by specific functions. Irrationality can be described in terms of what is known as the fuzzjective. Classical logic only permits propositions having a value of truth or falsity. The notion of whether 1+1=2 is absolute, immutable, mathematical truth. However, there exist certain propositions with variable answers, such as asking various people to identify a color. The notion of truth doesn't fall by the wayside, but rather a means of representing and reasoning over partial knowledge is afforded, by aggregating all possible outcomes into a dimensional spectrum. Both degrees of truth and probabilities range between 0 and 1 and hence may seem similar at first.

2.3.6.2 Approach

Shanmugavadivu et al. [17] propose a fuzzy logic-based system for effectively identifying intrusion activities within a network. The proposed fuzzy logic-based system is able to detect intrusion behaviour in networks since the rule base contains a better set of rules.

Here, they have used an automated strategy for the generation of fuzzy rules, which are obtained from the definite rules using frequent items. The experiments and evaluations of the proposed intrusion detection system are performed with the KDD Cup 99 intrusion detection dataset. The experimental results clearly show that the proposed system achieved higher precision in identifying whether the records are normal or attack records.

The different steps involved in the proposed system for anomaly-based intrusion detection (shown in figure 2.16) are described as follows:

Figure 2.16: The overall steps of the proposed IDS

Classification of training data: The first component of the proposed system classifies the input data into multiple classes, taking into account the different attacks involved in the intrusion detection dataset. The dataset they have taken for analysing intrusion detection behaviour using the proposed system is the KDD-Cup 1999 data. Based on the analysis, the KDD-Cup 1999 data contains four types of attacks and normal behaviour data with 41 attributes that have both continuous and symbolic attributes. The proposed system is designed only for the continuous attributes because the major attributes in KDD-Cup 1999 data are continuous in nature. Therefore, they have taken only the continuous attributes, namely 34 attributes from the input dataset, by removing discrete attributes. Then, the dataset is divided into five subsets of classes based on the class label. The class label describes several attacks, which come under four major attacks (Denial of Service, Remote to Local, U2R and Probe), along with normal data. The five subsets of data are then used for generating a better set of fuzzy rules automatically so that the fuzzy system can learn the rules effectively.

Strategy for generation of fuzzy rules: In general, the fuzzy rules given to a fuzzy system are written manually or by experts, who derive the rules by analysing intrusion behaviour. In their case, however, it is very difficult to generate fuzzy rules manually because the input data is huge and has many attributes. A few research works on automatically identifying fuzzy rules have become available in the literature in recent times. Motivated by this fact, they make use of mining methods to identify a better set of rules. Here, definite rules obtained from the single length frequent items are used to provide proper learning of the fuzzy system.

Fuzzy decision module: Zadeh introduced fuzzy logic in the late 1960s, and it is known as the rediscovery of the multivalued logic designed by Lukasiewicz. The designed fuzzy system shown in figure 2.17 contains 34 inputs and one output, where the inputs are related to the 34 attributes and the output is related to the class label (attack data or normal data). A thirty-four-input, single-output Mamdani fuzzy inference system with the centroid of area defuzzification strategy was used for this purpose. Each input fuzzy set defined in the fuzzy system includes four membership functions (VL, L, M and H) and the output fuzzy set contains two membership functions (L and H). Each membership function uses a triangular function for the fuzzification strategy.

Figure 2.17: The designed Fuzzy system

Finding an appropriate classification for a test input: In the testing phase, test data from the KDD-cup 99 dataset is given to the designed fuzzy logic system. At first, the test input data containing 34 attributes is applied to the fuzzifier, which converts the 34 attributes (numerical variables) into linguistic variables using the triangular membership function. The output of the fuzzifier is fed to the inference engine, which in turn compares that particular input with the rule base. The rule base is a knowledge base which contains a set of rules obtained from the definite rules. The output of the inference engine is one of the linguistic values from the set {Low, High}, which is then converted by the defuzzifier into a crisp value. The crisp value obtained from the fuzzy inference engine varies between 0 to 2, where "0" denotes that the data is completely normal and "1" specifies completely attacked data.
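The fuzzifier, rule evaluation and centroid defuzzifier described above can be traced on a reduced model. The following is an added example, not code from the thesis or from Shanmugavadivu et al.: it uses two inputs instead of 34, and the membership break-points, the [0, 1] scaling of inputs and output, the rule base, the sample records and the 0.5 decision threshold are all assumptions made for illustration.

```python
# Added example: a two-input Mamdani classifier (constructed rules and records).
def tri(x, a, b, c):
    """Triangular membership: feet a and c, peak b (a == b or b == c is a shoulder)."""
    if x < a or x > c:
        return 0.0
    if x == b:
        return 1.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)

# Four input sets per attribute, two output sets, as in the described design.
# Break-points on a [0, 1] universe are assumptions.
IN_MF = {"VL": (0, 0, 1/3), "L": (0, 1/3, 2/3), "M": (1/3, 2/3, 1), "H": (2/3, 1, 1)}
OUT_MF = {"L": (0, 0, 1), "H": (0, 1, 1)}

# Constructed rule base: ({attribute: input label}, output label).
RULES = [
    ({"count": "H", "serror_rate": "H"}, "H"),
    ({"count": "M", "serror_rate": "H"}, "H"),
    ({"count": "VL"}, "L"),
    ({"serror_rate": "VL"}, "L"),
    ({"count": "L", "serror_rate": "L"}, "L"),
]

def infer(record, steps=1000):
    """Return the crisp output in [0, 1], or None when no rule fires."""
    strength = {"L": 0.0, "H": 0.0}
    for antecedent, out in RULES:
        # Fuzzify each attribute; AND is min, rules sharing an output combine by max.
        w = min(tri(record[a], *IN_MF[lab]) for a, lab in antecedent.items())
        strength[out] = max(strength[out], w)
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        # Clip each output set at its firing strength, aggregate by max.
        mu = max(min(strength[o], tri(y, *OUT_MF[o])) for o in OUT_MF)
        num += y * mu
        den += mu
    return num / den if den else None  # centroid of area

def classify(record, threshold=0.5):  # threshold is an assumption
    score = infer(record)
    if score is None:
        return "unknown"  # record matched nothing in the rule base
    return "attack" if score >= threshold else "normal"

if __name__ == "__main__":
    for rec in ({"count": 0.95, "serror_rate": 0.9}, {"count": 0.05, "serror_rate": 0.0},
                {"count": 0.9, "serror_rate": 0.5}):
        print(rec, infer(rec), classify(rec))
```

The third record fires no rule at all, which is the coverage gap a mined rule base can leave; a deployment has to decide whether such records are alerted on or passed.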

Results: The evaluation metrics are computed for both the training and testing datasets in the testing phase, and the results obtained for all attacks and normal data are given in figure 2.18, which shows the overall classification performance of the proposed system on the KDD cup 99 dataset. By analysing the result, the overall performance of the proposed system is improved significantly and it achieves more than 90

Figure 2.18: The classification performance of the proposed IDS
