본문 바로가기
  • Home

A New Association Rule Mining based on Coverage and Exclusion for Network Intrusion Detection

  • Journal of Internet of Things and Convergence
  • Abbr : JKIOTS
  • 2023, 9(1), pp.77-87
  • DOI : 10.20465/KIOTS.2023.9.1.077
  • Publisher : The Korea Internet of Things Society
  • Research Area : Engineering > Computer Science > Internet Information Processing
  • Received : November 6, 2022
  • Accepted : December 18, 2022
  • Published : February 28, 2023

kimtaeyeon 1 KyungHyun Han 2 Seong Oun Hwang 1

1가천대학교
2홍익대학교(세종캠퍼스)

Accredited

ABSTRACT

Applying various association rule mining algorithms to the network intrusion detection task involves two critical issues: too large size of generated rule set which is hard to be utilized for IoT systems and hardness of control of false negative/positive rates. In this research, we propose an association rule mining algorithm based on the newly defined measures called coverage and exclusion. Coverage shows how frequently a pattern is discovered among the transactions of a class and exclusion does how frequently a pattern is not discovered in the transactions of the other classes. We compare our algorithm experimentally with the Apriori algorithm which is the most famous algorithm using the public dataset called KDDcup99. Compared to Apriori, the proposed algorithm reduces the resulting rule set size by up to 93.2 percent while keeping accuracy completely. The proposed algorithm also controls perfectly the false negative/positive rates of the generated rules by parameters. Therefore, network analysts can effectively apply the proposed association rule mining to the network intrusion detection task by solving two issues.

Citation status

* References for papers published after 2023 are currently being built.