A comparative study of different fuzzy classifiers for Cloud Intrusion Detection Systems' alerts

Internet use is growing day by day, and Internet traffic is increasing exponentially. Service providers such as web, email, and cloud service providers have to deal with millions of users per second, and thus the level of threat to their growing networks is also very high. Handling this many users is a big challenge, but detecting and preventing such threats is even more challenging and vital, because those threats might cause severe loss to the service providers in terms of privacy leakage or unavailability of the services to users. To address this issue, several Intrusion Detection Systems (IDS) have been developed that differ in their detection capabilities, performance and accuracy. In this study, we have used SNORT and SURICATA, two well-known IDSs that are used worldwide. The aim of this paper is to analytically compare the functionality, operation and capability of these two IDSs in detecting intrusions and different kinds of cyber-attacks within the MyCloud network. Furthermore, this study also proposes a Fuzzy-Logic engine based on these two IDSs in order to enhance their performance in terms of increased accuracy, specificity and sensitivity and reduced false alarms. Several experiments in this comparative study have been conducted using the ISCX dataset; the results show that a fuzzy-logic-based IDS outperforms the IDS alone, and that the FL-SnortIDS system outperforms FL-SuricataIDS.
