NETWORK INTRUSION DETECTION SYSTEM USING FUZZY LOGIC

2014

With the rapid expansion of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. The solution is an Intrusion Detection System (IDS) which is used to identify attacks and to react by generating an alert or blocking the unwanted data. For IDS, use of genetic algorithm gives huge number of rules which are required for anomaly intrusion detection. These rules will work with highquality accuracy for detecting the Denial of Service and Probe type of attacks connections and with appreciable accuracy for identifying the U2R and R2L connections. After getting huge rules we apply fuzzy data mining techniques to security system and build a fuzzy data mining based intrusion detection model. These findings from this experiment have given promising results towards applying GA and Fuzzy data mining for Network Intrusion Detection. Performance of the proposed ...

2018 2nd Cyber Security in Networking Conference (CSNet), 2018

IJSRD, 2013

In this paper, we present an efficient intrusion detection technique. The intrusion detection plays an important role in network security. However, many current intrusion detection systems (IDSs) are signature based systems. The signature based IDS also known as misuse detection looks for a specific signature to match, signaling an intrusion. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil but these types of systems are poor at detecting new attacks, variation of known attacks or attacks that can be masked as normal behavior. Our proposed solution, overcomes most of the limitations of the existing methods. The field of intrusion detection has received increasing attention in recent years. One reason is the explosive growth of the internet and the large number of networked systems that exist in all types of organizations. Intrusion detection techniques using data mining have attracted more and more interests in recent years. As an important application area of data mining, they aim to meliorate the great burden of analyzing huge volumes of audit data and realizing performance optimization of detection rules. The objective of this dissertation is to try out the intrusion detection on large dataset by classification algorithms binary class support vector machine and improved its learning time and detection rate in the field of Network based IDS.

Applied Soft Computing, 2009

Vulnerabilities in common security components such as firewalls are inevitable. Intrusion Detection Systems (IDS) are used as another wall to protect computer systems and to identify corresponding vulnerabilities. In this paper a novel framework based on data mining techniques is proposed for designing an IDS. In this framework, the classification engine, which is actually the core of the IDS, uses Association Based Classification (ABC). The proposed classification algorithm uses fuzzy association rules for building classifiers. Particularly, the fuzzy association rulesets are exploited as descriptive models of different classes. The compatibility of any new sample (which is to be classified) with different class rulesets is assessed by the use of some matching measures and the class corresponding to the best matched ruleset is declared as the label of the sample. A new method is also proposed to speed up the rule induction algorithm via reducing items that may be included in extracted rules.

2015

An intrusion detection system (IDS) is used to manage network traffic and monitors for suspicious activity and alerts the system or network administrator. One of the major properties of IDS is to respond for anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network. IDS can identify threats in various ways: 1) it detects specific signatures of known threats and protects against malware 2) it detects based on comparing traffic patterns against a baseline and looking for anomalies. 3) There are some IDS that simply generate an alert and 4) Some IDS perform an action or actions in response to a detected threat. In this paper, we have studied different fuzzy approaches for intrusion detection system specifically for anomaly detection system using Fuzzy set theory and we analyze Fuzzy rule and the fitness function of Genetic algorithm for anomaly based attack detection.

Proceedings of the Postgraduate Annual Research …, 2005

Intrusion Detection Systems are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Artificial Intelligence plays a driving role in security services. This paper proposes a dynamic model Intelligent Intrusion Detection System, based on specific AI approach for intrusion detection. The techniques that are being investigated includes neural networks and fuzzy logic with network profiling, that uses simple data mining techniques to process the network data. The proposed system is a hybrid system that combines anomaly, misuse and host based detection. Simple Fuzzy rules allow us to construct if-then rules that reflect common ways of describing security attacks. For host based intrusion detection we use neural-networks along with self organizing maps. Suspicious intrusions can be traced back to its original source path and any traffic from that particular source will be redirected back to them in future.

Expert Systems With Applications, 2005

In this paper, we propose a novel Intrusion Detection System (IDS) architecture utilizing both anomaly and misuse detection approaches. This hybrid Intrusion Detection System architecture consists of an anomaly detection module, a misuse detection module and a decision support system combining the results of these two detection modules. The proposed anomaly detection module uses a Self-Organizing Map (SOM) structure to model normal behavior. Deviation from the normal behavior is classified as an attack. The proposed misuse detection module uses J.48 decision tree algorithm to classify various types of attacks. The principle interest of this work is to benchmark the performance of the proposed hybrid IDS architecture by using KDD Cup 99 Data Set, the benchmark dataset used by IDS researchers. A rule-based Decision Support System (DSS) is also developed for interpreting the results of both anomaly and misuse detection modules. Simulation results of both anomaly and misuse detection modules based on the KDD 99 Data Set are given. It is observed that the proposed hybrid approach gives better performance over individual approaches.

… Processing Society, 2002. …, 2002

We have been using fuzzy data mining techniques to extract patterns that represent normal behavior for intrusion detection. In this paper we describe a variety of modifications that we have made to the data mining algorithms in order to improve accuracy and efficiency. We use sets of fuzzy association rules that are mined from network audit data as models of "normal behavior." To detect anomalous behavior, we generate fuzzy association rules from new audit data and compute the similarity with sets mined from "normal" data. If the similarity values are below a threshold value, an alarm is issued. In this paper we describe an algorithm for computing fuzzy association rules based on Borgelt's prefix trees, modifications to the computation of support and confidence of fuzzy rules, a new method for computing the similarity of two fuzzy rule sets, and feature selection and optimization with genetic algorithms. Experimental results demonstrate that we can achieve better running time and accuracy with these modifications.

JOURNAL OF COMPUTER AND INFORMATION TECHNOLOGY, 2018

Network security is of primary concerned now days for large organizations. The intrusion detection systems (IDS) are becoming indispensable for effective protection against attacks that are constantly changing in magnitude and complexity. With data integrity, confidentiality and availability, they must be reliable, easy to manage and with low maintenance cost. Various modifications are being applied to IDS regularly to detect new attacks and handle them. This paper proposes a fuzzy genetic algorithm (FGA) for intrusion detection. The FGA system is a fuzzy classifier, whose knowledge base is modelled as a fuzzy rule such as "if-then" and improved by a genetic algorithm. The reasons for introducing fuzzy logic is twofold, the first being the involvement of many quantitative features where there is no separation between normal operations and anomalies. Thus fuzzy association rules can be mined to find the abstract correlation among different security features. The method is tested on the benchmark KDD'99 intrusion dataset and compared with other existing techniques available in the literature. The results are encouraging and demonstrate the benefits of the proposed approach.