Improved Intrusion Detection System Using Fuzzy Logic for Detecting Anomaly and Misuse Type of Attacks

Currently available intrusion detection systems focus mainly on determining uncharacteristic system events in distributed networks using a signature-based approach. Because such an approach cannot find novel attacks, we propose a hybrid model based on improved fuzzy and data mining techniques that can detect both misuse and anomaly attacks. The aim of our research is to reduce the amount of data retained for processing, i.e., the attribute selection process, and also to improve the detection rate of the existing IDS using data mining techniques. We then use an improved Kuok fuzzy data mining algorithm, itself a modified version of the Apriori algorithm, to implement fuzzy rules; this allows us to construct if-then rules that reflect common ways of describing security attacks. We apply a fuzzy inference engine using the Mamdani inference mechanism with three input variables for faster decision making. The proposed model has been tested and benchmarked against the DARPA 1999 data set for its efficiency and also tested in the “live” networking environment inside the campus, and the results are discussed.
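To make the Mamdani step concrete, here is an added example (not the paper's code) of a three-input fuzzy inference engine that turns if-then rules into an alert level; the input variables (connection rate, SYN ratio, port spread), their fuzzy sets, the rules and the 0..100 output scale are all assumptions chosen for illustration, not the paper's.

```python
# Added example: Mamdani-style fuzzy inference with three input variables.
# Variables, sets and rules below are illustrative assumptions, not from the paper.

def trap(x, a, b, c, d):
    """Trapezoidal membership degree; a == b or c == d gives a shoulder set."""
    if x < a or x > d:
        return 0.0
    if x < b:
        return (x - a) / (b - a)
    if x > c:
        return (d - x) / (d - c)
    return 1.0

# Input variables (assumed units: connections/s, fraction, distinct ports/min).
CONN_RATE = {"low": (0, 0, 20, 80), "mid": (20, 80, 200, 400), "high": (200, 400, 1e9, 1e9)}
SYN_RATIO = {"low": (0, 0, 0.2, 0.5), "high": (0.5, 0.8, 1, 1)}
PORT_SPREAD = {"low": (0, 0, 5, 20), "high": (10, 50, 1e9, 1e9)}
# Output variable: alert level on an assumed 0..100 scale.
ALERT = {"low": (0, 0, 10, 40), "medium": (20, 40, 60, 80), "high": (60, 90, 100, 100)}

# If-then rules: ((conn_rate set, syn_ratio set, port_spread set), alert set).
# None means the rule does not constrain that input.
RULES = [
    (("high", "high", None), "high"),   # many half-open connections: flood-like
    ((None, "high", "high"), "high"),   # SYNs spread over many ports: scan-like
    (("high", "low", None), "medium"),  # busy host, but handshakes complete
    (("low", "low", "low"), "low"),     # quiet host
]

def alert_level(conn_rate, syn_ratio, port_spread):
    """Mamdani inference: min for AND, clip each consequent by its rule strength,
    max-aggregate the clipped sets, then defuzzify by centroid."""
    inputs = ((conn_rate, CONN_RATE), (syn_ratio, SYN_RATIO), (port_spread, PORT_SPREAD))
    strengths = []
    for antecedent, consequent in RULES:
        degs = [trap(x, *sets[name]) for (x, sets), name in zip(inputs, antecedent) if name]
        strengths.append((min(degs), consequent))
    num = den = 0.0
    for y in range(101):  # discretised output universe
        mu = max(min(s, trap(y, *ALERT[out])) for s, out in strengths)
        num += y * mu
        den += mu
    return num / den if den else 0.0  # 0.0 when no rule fires at all

if __name__ == "__main__":
    print(round(alert_level(900, 0.95, 10), 1))  # flood-like input scores high
```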
