Authors - Qing Li Abstract - Intrusion Detection Systems (IDS) are critical for cybersecurity, yet conventional approaches based on machine learning often suffer from limited explainability, high computational cost, and scalability issues. We introduce Recommendation-Driven IDS (RD-IDS), a novel framework that models security events and detection rules as a hypergraph, reformulating intrusion detection as a structured recommendation problem. Detection is achieved through the computation of minimal transversals, identifying minimal and actionable sets of security measures. RD-IDS is formally defined with hypergraph representations, recommendation semantics, and UML-based architecture, ensuring traceability and modularity. Algorithmically, we leverage minimal transversal enumeration, including the Fredman–Khachiyan dualization method, and analyze temporal and spatial complexity, demonstrating that structural reductions and active set optimizations mitigate overhead. RD-IDS offers deterministic, explainable, and scalable detection by construction, providing a principled alternative to machine learning-centric IDS. This work establishes the formal and algorithmic foundations of RD-IDS, laying the groundwork for practical implementation and experimental validation in a companion study.
Open Zoom