Skip to Main Content
The fuzzy association rule has been proven to be effective to present userspsila network behavior offline from a huge amount of collected packets. However, not only effectiveness, efficiency is important as well for Network Intrusion Detection Systems (NIDSs). None of those proposed NIDSs subject to fuzzy association rule can meet the real-time requirement because they all applied static mining approach. In the paper, we propose a real-time NIDS by incremental mining for fuzzy association rules. By consistently comparing the two rule sets, one mined from online packets and the other mined from training attack free packets, our system can make a decision per time unit, 2 seconds in the paper. Experiments have been done to demonstrate its excellent effectiveness and efficiency of the system.
Date of Conference: 17-20 June 2008