Hybrid of rough set theory and Artificial Immune Recognition System as a solution to decrease false alarm rate in intrusion detection system

Denial of Service (DoS) attacks is one of the security threats for computer systems and applications. It usually make use of software bugs to crash or freeze a service or network resource or bandwidth limits by making use of a flood attack to saturate all bandwidth. Predicting a potential DOS attacks would be very helpful for an IT departments or managements to optimize the security of intrusion detection system (IDS). Nowadays, false alarm rates and accuracy become the main subject to be addressed in measuring the effectiveness of IDS. Thus, the purpose of this work is to search the classifier that is capable to reduce the false alarm rates and increase the accuracy of the detection system. This study applied Artificial Immune System (AIS) in IDS. However, this study has been improved by using integration of rough set theory (RST) with Artificial Immune Recognition System 1 (AIRS1) algorithm, (Rough-AIRS1) to categorize the DoS samples. RST is expected to be able to reduce the redundant features from huge amount of data that is capable to increase the performance of the classification. Furthermore, AIS is an incremental learning approach that will minimize duplications of cases in a knowledge based. It will be efficient in terms of memory storage and searching for similarities in Intrusion Detection (IDS) attacks patterns. This study use NSL-KDD 20% train dataset to test the classifiers. Then, the performances are compared with single AIRS1 and J48 algorithm. Results from these experiments show that Rough-AIRS1 has lower number of false alarm rate compared to single AIRS but a little bit higher than J48. However, accuracy for this hybrid technique is slightly lower compared to others.