Conference Paper

Fuzzy intrusion detection

Dept. of Electr. & Comput. Eng., Iowa State Univ., Ames, IA
DOI: 10.1109/NAFIPS.2001.943772 Conference: IFSA World Congress and 20th NAFIPS International Conference, 2001. Joint 9th, Volume: 3
Source: IEEE Xplore


The Fuzzy Intrusion Recognition Engine (FIRE) is a network
intrusion detection system that uses fuzzy systems to assess malicious
activity against computer networks. The system uses an agent-based
approach to separate monitoring tasks. Individual agents perform their
own fuzzification of input data sources. All agents communicate with a
fuzzy evaluation engine that combines the results of individual agents
using fuzzy rules to produce alerts that are true to a degree. Several
intrusion scenarios are presented along with the fuzzy systems for
detecting the intrusions. The fuzzy systems are tested using data
obtained from networks under simulated attacks. The results show that
fuzzy systems can easily identify port scanning and denial of service
attacks. The system can be effective at detecting some types of backdoor
and Trojan horse attacks

Download full-text


Available from: Julie A Dickerson
  • Source
    • "3.1.1. Fuzzy set (FS) Fuzzy set-oriented WIDPSs correspond to an audit data related to a set of rules which identifies different attributes from the training data as a fuzzy rule base (Dickerson et al., 2001). The fuzzy rule base is beneficial in instances of misuse but is impractical when dealing with unknown behavior. "
    [Show abstract] [Hide abstract]
    ABSTRACT: The deployment of wireless sensor networks and mobile ad-hoc networks in applications such as emergency services, warfare and health monitoring poses the threat of various cyber hazards, intrusions and attacks as a consequence of these networks’ openness. Among the most significant research difficulties in such networks safety is intrusion detection, whose target is to distinguish between misuse and abnormal behavior so as to ensure secure, reliable network operations and services. Intrusion detection is best delivered by multi-agent system technologies and advanced computing techniques. To date, diverse soft computing and machine learning techniques in terms of computational intelligence have been utilized to create Intrusion Detection and Prevention Systems (IDPS), yet the literature does not report any state-of-the-art reviews investigating the performance and consequences of such techniques solving wireless environment intrusion recognition issues as they gain entry into cloud computing. The principal contribution of this paper is a review and categorization of existing IDPS schemes in terms of traditional artificial computational intelligence with a multi-agent support. The significance of the techniques and methodologies and their performance and limitations are additionally analyzed in this study, and the limitations are addressed as challenges to obtain a set of requirements for IDPS in establishing a collaborative-based wireless IDPS (Co-WIDPS) architectural design. It amalgamates a fuzzy reinforcement learning knowledge management by creating a far superior technological platform that is far more accurate in detecting attacks. In conclusion, we elaborate on several key future research topics with the potential to accelerate the progress and deployment of computational intelligence based Co-WIDPSs.
    Full-text · Article · May 2013 · Engineering Applications of Artificial Intelligence
  • Source
    • "Their tests showed that the FIRE could detect a wide range of common attacks. Later, Dickerson et al. [19] further explored the performance of the FIRE and pointed out this system could easily identify port scanning and denial of service attacks. Some other work that is related to the applications of fuzzy in intrusion detection can be referred to [20], [21], [22] and [25]. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Nowadays, network intrusion detection systems (NIDSs) have become an essential part for the network security infrastructure. However, the large number of false alarms is a big problem for these detection systems which greatly reduces their effectiveness and efficiency. To mitigate this problem, we have developed an intelligent false alarm filter to help filter out false alarms by adaptively and periodically selecting the most appropriate machine learning algorithms (e.g., support vector machine, decision tree, k-nearest neighbor) that conduct the best single-algorithm performance. Therefore, our intelligent false alarm filter can keep reducing the number of false alarms at a high and stable level. In this paper, we aim to conduct a case study in exploring the performance of our developed false alarm filter by implementing a fuzzy classifier based on if-then rules. By comparing with other algorithms that have been implemented in our false alarm filter, the experimental results show that the if-then rules based fuzzy algorithm performs a bit better than the baseline algorithm and can be improved by selecting an appropriate fuzzy partition.
    Full-text · Conference Paper · May 2012
  • Source
    • "Here, it is important to study the features of the process for separation of the overlap between normal and abnormal activities. Fuzzy systems have several important features which make them suitable for IDS [4]. Most fuzzy systems make use of human expert knowledge to create their own fuzzy rule base. "
    [Show abstract] [Hide abstract]
    ABSTRACT: An Intrusion Detection System (IDS) is one of the widely used tools for defending computer networks. Its main goal is to classify activities into two major categories: (1) normal activities and (2) intrusive activities. Both types of activities are hard to predict as the boundaries cannot be well defined and a prediction process may generate false alarms. Many anomaly-based intrusion detection systems have experienced this. However, with fuzzy logic, the false alarm rate in determining intrusive activities can be reduced. This paper proposes a One-rule Genetic-Fuzzy classifier system to generate the fuzzy rules that are capable of detecting intrusive activities by using Genetic Algorithms (GA). GA is now a viable alternative for the detection of malicious intrusions. They tune the fuzzy membership functions and select an appropriate set of features. After that they generate a proper discrimination rule. Typically, a set of fuzzy rules (fuzzy classifiers) is used to define the normal and abnormal behavior in a computer network. The main goal of this work is to (1) evolve comprehensible rule(s) that improves the classification rate, (2) produce shorter rules, and (3) perform automatic feature selection according to the complexity of data. The proposed system combines both anomaly-based intrusion detection and misuse detection. A series of experimental results on the well-known KDD Cup 1999 data set [12] demonstrate that the proposed method is feasible. In the paper a performance of the evolved fuzzy classifiers with a classification accuracy of 92% is presented.
    Full-text · Conference Paper · May 2012
Show more