Conference Paper

Fuzzy intrusion detection

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
DOI: 10.1109/NAFIPS.2001.943772
Conference: IFSA World Congress and 20th NAFIPS International Conference, 2001. Joint 9th, Volume: 3
Source: IEEE Xplore

ABSTRACT The Fuzzy Intrusion Recognition Engine (FIRE) is a network
intrusion detection system that uses fuzzy systems to assess malicious
activity against computer networks. The system uses an agent-based
approach to separate monitoring tasks. Individual agents perform their
own fuzzification of input data sources. All agents communicate with a
fuzzy evaluation engine that combines the results of individual agents
using fuzzy rules to produce alerts that are true to a degree. Several
intrusion scenarios are presented along with the fuzzy systems for
detecting the intrusions. The fuzzy systems are tested using data
obtained from networks under simulated attacks. The results show that
fuzzy systems can easily identify port scanning and denial of service
attacks. The system can be effective at detecting some types of backdoor
and Trojan horse attacks.

  • Source
    ABSTRACT: With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network's existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter's inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture.
    The Scientific World Journal 01/2014; 2014:178937. · 1.73 Impact Factor
  • Source
    ABSTRACT: The deployment of wireless sensor networks and mobile ad-hoc networks in applications such as emergency services, warfare and health monitoring poses the threat of various cyber hazards, intrusions and attacks as a consequence of these networks’ openness. Among the most significant research difficulties in such networks’ safety is intrusion detection, whose target is to distinguish between misuse and abnormal behavior so as to ensure secure, reliable network operations and services. Intrusion detection is best delivered by multi-agent system technologies and advanced computing techniques. To date, diverse soft computing and machine learning techniques in terms of computational intelligence have been utilized to create Intrusion Detection and Prevention Systems (IDPS), yet the literature does not report any state-of-the-art reviews investigating the performance and consequences of such techniques solving wireless environment intrusion recognition issues as they gain entry into cloud computing. The principal contribution of this paper is a review and categorization of existing IDPS schemes in terms of traditional artificial computational intelligence with a multi-agent support. The significance of the techniques and methodologies and their performance and limitations are additionally analyzed in this study, and the limitations are addressed as challenges to obtain a set of requirements for IDPS in establishing a collaborative-based wireless IDPS (Co-WIDPS) architectural design. It amalgamates a fuzzy reinforcement learning knowledge management by creating a far superior technological platform that is far more accurate in detecting attacks. In conclusion, we elaborate on several key future research topics with the potential to accelerate the progress and deployment of computational intelligence based Co-WIDPSs.
    Engineering Applications of Artificial Intelligence 05/2013; 26(9):2105–2127. · 1.96 Impact Factor
  • Source
    ABSTRACT: Distributed denial of service (DDoS) attacks represent a significant threat for companies, affecting them on a regular basis, as reported in the 2013 Information Security Breaches Survey (Technical Report). The most common target is web services, the downtime of which could lead to significant monetary costs and loss of reputation. IP spoofing is often used in DDoS attacks not only to protect the identity of offending bots but also to overcome IP-based filtering controls. This paper aims to propose a new multi-layer IP Spoofing detection mechanism, called fuzzy hybrid spoofing detector (FHSD), which is based on source MAC address, hop count, GeoIP, OS passive fingerprinting and web browser user agent. The hop count algorithm has been optimized to limit the need for continuous traceroute requests, by querying the subnet IP Address and GeoIP information instead of individual IP addresses. FHSD uses fuzzy empirical rules and fuzzy largest of maximum operator to identify offensive IPs and mitigate offending traffic. The proposed system was developed and tested against the BoNeSi DDoS emulator with encouraging results in terms of detection and performance. Specifically, FHSD analysed 10 000 packets, and correctly identified 99.99% of spoofed traffic in <5 s. It also reduced the need for traceroute requests by 97%.
    The Computer Journal 02/2014; · 0.76 Impact Factor
