Fuzzy clustering for intrusion detection

H. Shah, J. Undercoffer, A. Joshi
The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03.  
The newly formed Department of Homeland Security has been mandated to reduce America's vulnerability to terrorism. In addition to being charged with physical protection, this newly formed department is also responsible for protecting the nation's critical infrastructure. Protecting computer systems from intrusions is an important aspect of securing the nation's infrastructure. We are exploring how fuzzy data mining and concepts introduced by the semantic web can operate in synergy to perform distributed intrusion detection. The underlying premise of our intrusion detection model is to describe attacks as instances of an ontology using a semantically rich language, reason over them and subsequently classify them as instances of an attack of a specific type. However, before an abnormality can be specified as an instance of the ontology, it first needs to be detected. Hence, our intrusion detection model is two-phased: the first phase uses data mining techniques to analyze low-level data streams that capture process, system and network states and to detect anomalous behavior; the second phase reasons over instances of anomalous behavior specified according to our ontology. This paper focuses on the initial phase of our model: outlier detection within low-level data streams. Accordingly, we present the preliminary results of the use of fuzzy clustering to detect anomalies within low-level kernel data streams.
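As an added illustration of the first phase described in the abstract (fuzzy clustering over low-level state vectors to surface outliers), and not code from the paper or its authors: a plain-Python fuzzy c-means run over constructed per-interval feature vectors. The feature names and values, the outlier score (distance to the best-matching centroid relative to the median distance of that cluster's members) and the threshold are assumptions made for this example; the abstract does not state which kernel features or which outlier criterion the authors used.

```python
"""Fuzzy c-means outlier detection over per-interval kernel-state feature vectors.

Added example for this page; not the paper's code. All feature vectors below are
constructed, and the scoring rule and threshold are this example's assumptions.
"""
from math import sqrt
from statistics import median

# Constructed per-interval feature vectors: (syscalls/s, context switches/s, packets/s).
# Hypothetical numbers chosen to give two normal workload modes plus two anomalies.
SAMPLES = [
    (120.0, 40.0, 15.0), (125.0, 42.0, 14.0), (118.0, 39.0, 16.0),
    (130.0, 45.0, 13.0), (122.0, 41.0, 15.0),          # idle workload
    (800.0, 300.0, 90.0), (820.0, 310.0, 95.0), (790.0, 295.0, 88.0),
    (810.0, 305.0, 92.0), (805.0, 298.0, 91.0),        # busy workload
    (125.0, 40.0, 950.0),    # anomaly: idle CPU profile with a flood of packets
    (3000.0, 1200.0, 20.0),  # anomaly: syscall/context-switch burst, little network
]


def distance(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def normalize(points):
    """Min-max scale each feature to [0, 1] so no single unit dominates the distance."""
    dims = range(len(points[0]))
    lo = [min(p[d] for p in points) for d in dims]
    hi = [max(p[d] for p in points) for d in dims]
    return [tuple((p[d] - lo[d]) / ((hi[d] - lo[d]) or 1.0) for d in dims) for p in points]


def fuzzy_c_means(points, c, m=2.0, iters=100, tol=1e-6):
    """Standard fuzzy c-means: returns (centroids, memberships).

    memberships[k][i] is the degree to which point k belongs to cluster i; each row sums
    to 1. Initial centroids are spread deterministically through the data so that the
    run is reproducible (a real deployment would use a smarter or randomized init).
    """
    n, dims = len(points), range(len(points[0]))
    centroids = [points[(i * n) // c] for i in range(c)]
    memberships = []
    for _ in range(iters):
        memberships = []
        for p in points:
            dists = [distance(p, v) for v in centroids]
            if 0.0 in dists:  # point sits exactly on a centroid: full membership there
                memberships.append([1.0 if d == 0.0 else 0.0 for d in dists])
            else:
                memberships.append([
                    1.0 / sum((di / dj) ** (2.0 / (m - 1.0)) for dj in dists) for di in dists
                ])
        new_centroids = []
        for i in range(c):
            weights = [u[i] ** m for u in memberships]
            total = sum(weights) or 1.0
            new_centroids.append(tuple(
                sum(w * p[d] for w, p in zip(weights, points)) / total for d in dims
            ))
        shift = max(distance(a, b) for a, b in zip(centroids, new_centroids))
        centroids = new_centroids
        if shift < tol:
            break
    return centroids, memberships


def outlier_scores(points, centroids, memberships):
    """Score = distance to the best-matching centroid / median distance of the points
    hard-assigned to that cluster (assumed criterion). A median rather than a
    membership-weighted mean is used so the outliers cannot inflate the cluster's spread."""
    best = [max(range(len(centroids)), key=lambda i: u[i]) for u in memberships]
    dists = [distance(p, centroids[b]) for p, b in zip(points, best)]
    spread = {}
    for i in range(len(centroids)):
        members = [d for d, b in zip(dists, best) if b == i]
        spread[i] = median(members) if members else 0.0
    return [d / (spread[b] or 1e-12) for d, b in zip(dists, best)]


def detect_anomalies(samples, c=2, threshold=4.0):
    """Return indices of samples whose outlier score exceeds the (assumed) threshold."""
    points = normalize(samples)
    centroids, memberships = fuzzy_c_means(points, c)
    scores = outlier_scores(points, centroids, memberships)
    return [k for k, s in enumerate(scores) if s > threshold]


if __name__ == "__main__":
    pts = normalize(SAMPLES)
    cents, mem = fuzzy_c_means(pts, 2)
    for k, (sample, u, s) in enumerate(zip(SAMPLES, mem, outlier_scores(pts, cents, mem))):
        flag = "ANOMALY" if s > 4.0 else ""
        print(f"{k:2d} {sample!s:26} u={[round(x, 3) for x in u]} score={s:7.2f} {flag}")
```

The two anomalous intervals get memberships split roughly evenly between the idle and busy clusters, which is exactly why membership alone is a weak outlier signal: fuzzy memberships always sum to 1, so a point far from every centroid still looks "half in" each cluster. Scoring against the distance to the nearest centroid, normalized by that cluster's own spread, is what separates the outliers here; the threshold would be tuned against a known-benign baseline in practice.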
doi:10.1109/fuzz.2003.1206614 dblp:conf/fuzzIEEE/ShahUJ03 fatcat:i4zmc4gidzbpfkutyywghff56i