Techniques Applied to High Performance Computing Intrusion Detection

This paper describes a prototype intelligent intrusion detection system (IIDS) that is being developed to demonstrate the effectiveness of specific artificial intelligence approaches to intrusion detection within a high performance computing (HPC) architecture. It is an update of previously reported research. The techniques being investigated include both neural networks and data mining techniques that use fuzzy logic, including fuzzy association rules, fuzzy frequent episodes, and fuzzy cognitive maps. The system under development combines both anomaly and misuse detection mechanisms and uses both network traffic and system audit data as inputs. Suspected intrusions are reported to a decision-making module for analysis and action. Fuzzy cognitive maps (FCMs) and fuzzy rule-bases are used for causal knowledge acquisition and to support the causal knowledge reasoning process in the decision-making module. Preliminary results dealing with detection of intrusions unique to an HPC environment are presented.
