Conference Paper

Fuzzy intrusion detection

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
DOI: 10.1109/NAFIPS.2001.943772 Conference: IFSA World Congress and 20th NAFIPS International Conference, 2001. Joint 9th, Volume: 3
Source: IEEE Xplore

ABSTRACT The Fuzzy Intrusion Recognition Engine (FIRE) is a network
intrusion detection system that uses fuzzy systems to assess malicious
activity against computer networks. The system uses an agent-based
approach to separate monitoring tasks. Individual agents perform their
own fuzzification of input data sources. All agents communicate with a
fuzzy evaluation engine that combines the results of individual agents
using fuzzy rules to produce alerts that are true to a degree. Several
intrusion scenarios are presented along with the fuzzy systems for
detecting the intrusions. The fuzzy systems are tested using data
obtained from networks under simulated attacks. The results show that
fuzzy systems can easily identify port scanning and denial of service
attacks. The system can be effective at detecting some types of backdoor
and Trojan horse attacks

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Distributed denial of service (DDoS) attacks represent a significant threat for companies, affecting them on a regular basis, as reported in the 2013 Information Security Breaches Survey (Technical Report. The most common target is web services, the downtime of which could lead to significant monetary costs and loss of reputation. IP spoofing is often used in DDoS attacks not only to protect the identity of offending bots but also to overcome IP-based filtering controls. This paper aims to propose a new multi-layer IP Spoofing detection mechanism, called fuzzy hybrid spoofing detector (FHSD), which is based on source MAC address, hop count, GeoIP, OS passive fingerprinting and web browser user agent. The hop count algorithm has been optimized to limit the need for continuous traceroute requests, by querying the subnet IP Address and GeoIP information instead of individual IP addresses. FHSD uses fuzzy empirical rules and fuzzy largest of maximum operator to identify offensive IPs and mitigate offending traffic. The proposed system was developed and tested against the BoNeSi DDoS emulator with encouraging results in terms of detection and performance. Specifically, FHSD analysed 10 000 packets, and correctly identified 99.99% of spoofed traffic in <5 s. It also reduced the need for traceroute requests by 97%.
    The Computer Journal 02/2014; · 0.76 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.
    The Scientific World Journal 01/2014; 2014:178937. · 1.73 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper represents a system, which detects malicious HTTP request and obtains the lowest false-positive rate with high detection rate. For this purpose, each extracted feature of a HTTP request is modeled by multiple hidden Markov models as a classifier ensemble. HMMs outputs of an ensemble are fused to product a probabilistic value that showing normalcy of corresponding feature. In this system, instead of a threshold, a fuzzy inference is applied to produce a flexible decision boundary. So, fuzzy sets and rules of decision module are formed manually, next, output of each HMM ensemble is converted to a fuzzy value with respect to fuzzy sets. Finally, a fuzzy inference engine uses these values to produce output that indicates whether the HTTP request is normal or abnormal. Experiments show that this approach is flexible and has acceptable accuracy in detecting requests close to the decision boundary, and false-positive rate is 0.79%.
    Intelligent Systems, Modelling and Simulation (ISMS), 2012 Third International Conference on; 01/2012

Full-text (2 Sources)

Available from
May 21, 2014