TY  - JOUR
T1  - Host-Based Intrusion Detection Architecture Based on
Rough Set Theory and Machine Learning
AU - Sever, Hayri AU - Nasser, Ahmed 
JO  - Journal of Engineering and Applied Sciences
VL  - 14
IS  - 2
SP  - 415
EP  - 422
PY  - 2019
DA  - 2001/08/19
SN  - 1816-949x
DO  - jeasci.2019.415.422
UR  - https://makhillpublications.co/view-article.php?doi=jeasci.2019.415.422
KW  - Host-based IDS
KW  -computer security
KW  -machine learning
KW  -rough set theory
KW  -feature selection
KW  -novelty
detection
AB  - Intrusion detection is considered as a remarkable approach used in network and computer security.
In this study, we proposed a host based IDS architecture that exploits the adaptive aspect of machine learning
mechanisms and rough set theory. The proposed IDS architecture involves using new feature extraction method
based on statistical measures which generate a training dataset with less feature space compared to the ones
generated by traditional methods used in literature. The proposed IDS architecture also utilizes the principles
of rough set theory in term of attribute reduction techniques. Two variations of rough set attribute reduction
(Crisp and fuzzy) are considered to reduce the feature space by removing redundant and irrelative attributes
which leads to improving the system performance. Rough Set Classification (RSC) approach is used to generate
the IDS decision model by taking the form of &#147;IF-THEN&#148; rules using MODLEM rule induction algorithm. Our
test and comparison of RSC with four standard classification methods showed that the RSC yielded highly
accurate results in the term of F-score. The test experiments also show the impact of the attribute reduction
method on increasing the classification accuracy.
ER  - 