Conference Paper

Intrusion detection system based on fuzzy default logic

Dept. of Comput. Sci. & Technol., Southeast Univ., Nanjing, China
DOI: 10.1109/FUZZ.2003.1206627 Conference: Fuzzy Systems, 2003. FUZZ '03. The 12th IEEE International Conference on, Volume: 2
Source: IEEE Xplore

ABSTRACT Current IDSs usually have several shortcomings. First, the speed and sensitivity of detection are not so ideal. Secondly, the response system lacks the ability to correct errors. Thirdly, the cost of intrusion detection is not considered, that is, the response policy is static. This paper applies fuzzy default theory to transform reasoning and response engine of IDS, based on the proving of IDS as non-monotonic, and set up an intelligent IDS-FDL-IDS. The experiment result showed that FDL-IDS increased the detection speed and sensitivity and decreased the cumulative cost as compared with traditional intrusion detection expert system.

0 Bookmarks
 · 
65 Views
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The slow port scan attack detection is the one of the important topics in the network security. We suggest an abnormal traffic control framework to detect slow port scan attacks using fuzzy rules. The abnormal traffic control framework acts as an intrusion prevention system to suspicious network traffic. It manages traffic with a stepwise policy: first decreasing network bandwidth and then discarding traffic. In this paper, we show that our abnormal traffic control framework effectively detects slow port scan attacks traffic using fuzzy rules and a stepwise policy.
    Intelligent Environments, 2008 IET 4th International Conference on; 08/2008
  • [Show abstract] [Hide abstract]
    ABSTRACT: Intrusion Detection Systems (IDSs) deal with large amount of data containing irrelevant and redundant features, which leads to slow training and testing processes, heavy computational resources and low detection accuracy. Therefore, the features selection is an important issue in intrusion detection. Reducing the features set improves the system accuracy and speeds up the training and testing phases considerably. In this paper, we improve the Enhancing Support Vector Decision Function (ESVDF) approach by integrate it with a fuzzy inferencing model. The fuzzy inferencing model is used to accommodate the learning approximation and the small differences in the decision making steps of the ESVDF approach. It simplifies the design complexity and reduces the execution time of the ESVDF, which speeds up the features selection processing and facilitates any modification or changes in the features selection process that may happen later. In addition, it improves the overall performance of the ESVDF. We have examined the feasibility of our approach by conducting several experiments using the DARPA dataset. The experimental results indicate that the proposed algorithm can deliver a satisfactory performance in terms of classification accuracy, training and testing time.
    The IEEE 23rd International Conference on Advanced Information Networking and Applications, AINA 2009, Bradford, United Kingdom, May 26-29, 2009; 01/2009
  • [Show abstract] [Hide abstract]
    ABSTRACT: Intrusion detection systems (EDSs) deal with large amounts of data containing irrelevant and/or redundant features. These features result in a slow training and testing process, heavy computational resources, and low detection accuracy. Features selection, therefore, is an important issue in EDSs. A reduced features set improves system accuracy and speeds up the training and testing process considerably. In this paper, we propose a novel and simple method - enhanced support vector decision function (ESVDF)-for features selection. This method selects features based on two important factors: the feature's rank (weight), which is calculated using support vector decision function (SVDF), and the correlation between the features, which is determined by either the forward selection ranking (FSR) or backward elimination ranking (BER) algorithm. Our method significantly decreases training and testing times without loss in detection accuracy. Moreover, it selects the features set independently of the classifier used. We have examined the feasibility of our approach by conducting several experiments using the DARPA dataset. The experimental results indicate that the proposed algorithms can deliver satisfactory results in terms of classification accuracy, training time, and testing time.
    Consumer Communications and Networking Conference, 2009. CCNC 2009. 6th IEEE; 02/2009

Full-text

View
1 Download
Available from