Decision Making For Network Health Assessment In An Intelligent Intrusion Detection System Architecture

This paper describes the use of artificial intelligence techniques to create a network-based decision engine for decision support in an Intelligent Intrusion Detection System (IIDS). To assess overall network health, the decision engine fuses outputs from different intrusion detection sensors serving as "experts" and then analyzes the integrated information to present an overall security view of the system to the security administrator. This paper reports on the workings of a decision engine that has been successfully embedded into the IIDS architecture being built at the Center for Computer Security Research, Mississippi State University. The decision engine uses Fuzzy Cognitive Maps (FCMs) and fuzzy rule-bases for causal knowledge acquisition and to support the causal knowledge reasoning process.
