Rough Set Theory And Its Application Research In Intrusion Detection

Posted on: 2006-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z F Wu
Full Text: PDF
GTID: 2120360155974482
Subject: Computational Mathematics
Abstract/Summary:
Rough set theory is a new method for dealing with vague, imprecise, incomplete and uncertain data. This paper introduces the basic concepts of rough set theory, studies attribute reduction and attribute value reduction based on rough set theory, applies rough set theory to the field of intrusion detection, and designs a prototype system that mines security rules based on rough set theory.

Data reduction is one of the important research issues in rough set theory. Motivated by earlier algorithms, this paper proposes a novel algorithm for attribute reduction based on extended decision matrices (EDMAR) and proves its completeness. Compared with algorithms based on the discernibility matrix, EDMAR has much lower space complexity and time complexity. In order to provide more information to the user, this paper also proposes a new algorithm for knowledge reduction based on the niche genetic algorithm. With this algorithm, several different reduced subsets of attributes can be obtained. The algorithm can solve some problems that heuristic algorithms cannot: it can find the different attribute reductions in the knowledge system, and so provide more information for feature extraction, decision support and data mining.

It is proved that value reduction is an NP-hard problem, so it is too difficult to obtain the minimal value reduction by enumeration. In this paper, we study the general algorithm and the heuristic algorithm for value reduction. Furthermore, the paper presents a new algorithm for value reduction based on decision matrices (EDMVR). Much more concise decision rules can be obtained with this method.

On the basis of this research on rough set theory and the special demands of intrusion detection systems, a prototype system is implemented for mining security rules from system log audit information within the framework of rough set theory. The usability of the prototype system is shown by an experiment using the KDD CUP 1999 intrusion data set.
Keywords/Search Tags: Rough sets, Attribute Reduction, Value Reduction, Data Mining, Intrusion Detection