Simultaneous Anomaly and Misuse Intrusion Detections Based on Partial Approximative Set Theory

  • Authors: Zoltan Csajbok
  • Venue: PDP '11 Proceedings of the 2011 19th International Euromicro Conference on Parallel, Distributed and Network-Based Processing
  • Year: 2011

Abstract

Nowadays, it is already a banality that people run their applications in a complex open computing environment including all sorts of interconnected devices. In order to meet the network security challenge in nonprofessional human environments, Intrusion Detection Systems (IDS) have to be designed. Intrusion detection techniques are categorized into anomaly and misuse detection. To describe the outlined problem, we focus solely on externally observable executions generated by the observed system. Thus, we need some sort of tool able to discover acceptable and unacceptable patterns in execution traces. Such a tool may be the rough set theory. According to the rough set theory, the vagueness of a subset of a finite universe U is defined by the difference of its upper and lower approximations with respect to a partition of U. In this paper, our starting point will be an arbitrary family of subsets of an arbitrary U; we will assume neither that it covers U nor that U is finite. This new approach is called the partial approximative set theory. We will apply this theory to build an IDS which is simultaneously able to detect anomaly and misuse intrusions.