Conference Paper

Fuzzy intrusion detection

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
DOI: 10.1109/NAFIPS.2001.943772
Conference: IFSA World Congress and 20th NAFIPS International Conference, 2001. Joint 9th, Volume: 3
Source: IEEE Xplore

ABSTRACT: The Fuzzy Intrusion Recognition Engine (FIRE) is a network
intrusion detection system that uses fuzzy systems to assess malicious
activity against computer networks. The system uses an agent-based
approach to separate monitoring tasks. Individual agents perform their
own fuzzification of input data sources. All agents communicate with a
fuzzy evaluation engine that combines the results of individual agents
using fuzzy rules to produce alerts that are true to a degree. Several
intrusion scenarios are presented along with the fuzzy systems for
detecting the intrusions. The fuzzy systems are tested using data
obtained from networks under simulated attacks. The results show that
fuzzy systems can easily identify port scanning and denial of service
attacks. The system can be effective at detecting some types of backdoor
and Trojan horse attacks.

  • ABSTRACT: One of the goals of terrorist organizations is to attack critical infrastructures such as power plants, telecommunication companies etc. Since many critical infrastructures employ various Information and Communication Technologies (ICTs), such an attack may be carried out by using dedicated Electronic Threats (eThreats) such as worms, viruses, Trojans, and spyware. The goal of the attack is to interrupt the normal operation of the critical infrastructure in order to cause economic damages and social chaos. Current state-of-the-art technologies, such as antivirus and intrusion detection systems, are aimed at coping with known eThreats that were encountered before. However, terrorists may write dedicated eThreats that will not be identified by the existing tools. Thus, there is a need to develop generic technologies to identify eThreats based on their behavior, especially over time, and not only based on their unique signature. In many cases, identifying that the computer is infected may be sufficient to stop the attack. In this article, we propose a new approach for early detection of the presence of unknown eThreats, based on their behavior within the target computer. First, an agent extracts various time-stamped data, such as number of active processes at each time-point, from the target computer. Then, by using the Knowledge-Based Temporal Abstraction (KBTA) method, we integrate the continuously measured data (e.g., the number of running processes) and events (e.g., installation) with a security-domain temporal-abstraction knowledge base (i.e., a security ontology specialized for abstraction of meaningful patterns from time-oriented security data), to create higher-level time-oriented concepts and patterns, also known as temporal abstractions. Detected temporal abstractions and the data they are derived from can be explored by visual means, and assist security experts in detecting suspicious patterns compatible with a set of predefined classes of temporal patterns, each defined by a set of time and value constraints, previously specified by a security expert. The temporal abstractions can also be automatically monitored to detect new patterns that match the behavior of known classes of eThreat.
  • ABSTRACT: Feature selection is one of the most important techniques for data preprocessing in classification problems. In this paper, fuzzy grids–based association rules mining, as an effective data mining technique, is used for feature selection in misuse detection application in computer networks. The main idea of this algorithm is to find the relationships between items in large datasets so that it detects correlations between inputs of the system and then eliminates the redundant inputs. To classify the attacks, a fuzzy ARTMAP neural network is employed whose training parameters are optimized by gravitational search algorithm. The performance of the proposed system is compared with some other machine learning methods in the same application. Experimental results show that the proposed system, when choosing optimum “feature subset size-adjustment” parameter, performs better in terms of detection rate, false alarm rate, and cost per example in classification problems. In addition, employing the reduced-size feature set results in more than 8.4 percent reduction in computational complexity.
    Neural Computing and Applications 01/2013; · 1.76 Impact Factor
  • ABSTRACT: Network intrusion detection systems (NIDSs) are pattern recognition problems that classify network traffic patterns as either ‘normal’ or ‘abnormal’. Precisely, the main aim of intrusion detection is to identify unauthorized use, misuse, and abuse of computers by detecting malicious network activities such as port scans, denial of service or other attempts to crack computer network environments. Even though the incorporation of conventional Soft Computing techniques in NIDSs has yielded good solutions, the strong dynamism characterizing network intrusion patterns tends to invalidate the usability of existing framework. To tackle this issue, our proposal performs an adaptive supervised learning on a collection of time series that characterizes the network behavior to create a so-called timed automata-based fuzzy controller (TAFC), i.e. an evolvable fuzzy controller whose dynamic features allow to design an advanced network intrusion detection system able to directly deal with computer network dynamism and support networks’ administrators to prevent eventual damages coming from unauthorized network intrusion. As will be shown in experiments, where our approach has been compared with a conventional Mamdani fuzzy controller, the proposed system reduces the detection error and, as a consequence, improves the computer network robustness.
    Soft Computing 07/2012; 16(7). · 1.30 Impact Factor
