Fuzzy logic on decision model for IDS

Nowadays one of the main problems of Intrusion Detection Systems (IDS) is the high rate of false positives that they show. The number of alerts that an IDS launches are clearly higher than the number of real attacks. This paper tries to introduce a measure of the IDS prediction skill in close relationship with these false positives. So the prediction skill of an IDS is then computed according to the false positives produced. The problem faced is how to make an accurate prediction from the results of different IDS. The fraction of IDS over the total number of them that predicts a given event will determine whether such event is predicted or not. The performance obtained from the application of fuzzy thresholds over such fraction is compared with the corresponding crisp thresholds. The results of these comparisons allow us to conclude a relevant improvement when fuzzy thresholds are involved.