An Adaptive Fuzzy Framework based on Optimized Fuzzy Contexts for Detecting Network Intrusions

Habib Ullah Baig, Mahmood Ahmad Sheikh, Farrukh Kamran
2010 Mehran University Research Journal of Engineering and Technology  
Anomaly-based Intrusion Detection Systems (AIDS) are one of the key components of a reliable security infrastructure. Working as a second line of defense, detection accuracy is the key objective, and it depends largely on the precision of the system's normal profile. Because the boundaries between normal and anomalous classes are vague and network behavior is dynamic, building an accurate and generalized normal profile is very difficult. Based on the assumption that an intruder's behavior can be grouped into different phases active at different times, this article proposes to evolve and use "short-term fuzzy profiles/contexts" for each such individual intrusion phase, resulting in enhanced detection accuracy for low-level attacks. The result is a context-driven, adaptable implementation framework based on a double-layer hierarchy of fuzzy sensors. The framework adapts to network conditions by switching between different contexts according to network traffic patterns, anomaly conditions and the organization's security policies. These contexts are evolved in an incremental fashion with a genetic algorithm using real-time network traces. The framework is tested using the DARPA 98/99 dataset, showing accurate detection of a low-level DoS attack.
doaj:eca7baf33ae34d24bd12417aaf468b64 fatcat:2tgdkx3f3fglzfxpycin32kxi4