Dynamic Fuzzy Rule Interpolation and its Application to Intrusion Detection
IEEE Transactions on Fuzzy Systems (IF 11.9), Pub Date: 2018-08-01, DOI: 10.1109/tfuzz.2017.2755000
Nitin Naik, Ren Diao, Qiang Shen

Fuzzy rule interpolation (FRI) offers an effective approach for making inference possible in sparse rule-based systems (and also for reducing the complexity of fuzzy models). However, requirements of fuzzy systems may change over time and hence, the use of a static rule base may affect the accuracy of FRI applications. Fortunately, an FRI system in action will produce interpolated rules in abundance during the interpolative reasoning process. While such interpolated results are discarded in existing FRI systems, they can be utilized to facilitate the development of a dynamic rule base in supporting subsequent inference. This is because the otherwise relinquished interpolated rules may contain possibly valuable information, covering regions that were uncovered by the original sparse rule base. This paper presents a dynamic fuzzy rule interpolation (D-FRI) approach by exploiting such interpolated rules in order to improve the overall system's coverage and efficacy. The resulting D-FRI system is able to select, combine, and generalize informative, frequently used interpolated rules for merging with the existing rule base while performing interpolative reasoning. Systematic experimental investigations demonstrate that D-FRI outperforms conventional FRI techniques, with increased accuracy and robustness. Furthermore, D-FRI is herein applied for network security analysis, in devising a dynamic intrusion detection system (IDS) through integration with the Snort software, one of the most popular open source IDSs. This integration, denoted as D-FRI-Snort hereafter, delivers an extra amount of intelligence to predict the level of potential threats. Experimental results show that with the inclusion of a dynamic rule base, by generalising newly interpolated rules based on the current network traffic conditions, D-FRI-Snort helps reduce both false positives and false negatives in intrusion detection.

Updated: 2018-08-01