Download Fuzzy Alerts

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts

Nonlinear dimensionality reduction wikipedia , lookup

Transcript 
Fuzzy Network Profiling for
Intrusion Detection
Dickerson, J.E.; Dickerson, J.A.
Fuzzy Information Processing Society, 2000.
NAFIPS. 19th International Conference of the
North American , 2000
Reporter : Chien-Chung Su
Agenda

Introduction
 System Architecture
 Implementation example
 Conclusion
Introduction

Intrusion Detection System
– A process to identifying network activity that
can lead to the compromise of a security policy

Two primary form
– Misuse Detection
 Matching known patterns of hostile activity against
database of past attacks
– Anomaly Detection
 Applying statistical measures or artificial knowledge
to compare current activity against historical
knowledge of network utilization
System Architecture (1/5)

Fuzzy Intrusion Recognition Engine(FIRE)
– Anomaly-based intrusion detection system
– Applying Fuzzy Theory
– Applying simple data mining technique
System Architecture (2/5)
A Local Area Local
Network Data
Collector
(NDC)
Fuzzy Alerts
Raw data
Network Data
Processor
(NDP)
Fuzzy Threat
Analyzer
(FTA)
Mined data
System Architecture (3/5)

Network Data Collector(NDC)
– Grab all packets that cross the wire and stores
them to disk
– To help avoid packet loss in the data collection
system, it is important that the tasks performed
by the NDC be very limited
System Architecture (4/5)

Network Data Processor(NDP)
– Perform a kind of data mining on the collected
packets
– Compare the current data with the historical
mined data to create the “normalized” value
that reflect how the new data differs from what
was observed in the past
System Architecture (5/5)

Fuzzy Threat Analyzer(FTA)
– A fuzzy rules can incorporate one or more
fuzzy inputs
– Depending on the fuzzy values, the fuzzy rules
designer can make the types of intrusions they
can detect either very general or very specific
Implementation example (1/4)

What metrics we wants?
– SrcIP , DstIP , SrcPort , DstPort
– TCP flags , data length
– Data content
– Time the packet was sent

Example
– sdp = (SrcIP , DstIP ,SrcPort , DstPort)
– Represents the existence of a TCP channel(whether
successful or not) between two IP end points
Implementation example (2/4)

Define fuzzy variables
– COUNT
– UNIQUENESS
– VARIANCE

Membership Function
LOW
MED-LOW
MED
10
25
MED-HIGH
HIGH
1
2
5
50
100
Implementation example (3/4)

Design fuzzy rules
– Scenario : Network scan
– Rules examples




If (COUNT == LOW) && (UNIQUENESS == MED)
Then “Network Scan” = MED-LOW
If (COUNT == MED) && (UNIQUENESS == LOW)
Then “Network Scan” = LOW
If (COUNT == MED) && (UNIQUENESS == HIGH)
Then “Network Scan” = HIGH
If (COUNT of ForeignHosts == HIGH) &&
(UNIQUENESS of DNS == HIGH)
Then “DNS Scan” == HIGH
Implementation example (4/4)

System issues
– Data collection interval
– Define fuzzy variables
– Data mining techniques
– Fuzzy rules
Conclusion

Intrusion detection with a part of fuzziness
 Expert system should be supported
 Real-time data mining issues
Related documents
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
M.Tech. IN ADVANCED INFORMATION TECHNOLOGY - INTELLIGENT SYSTEMS AND ROBOTICS (MTECHSR) Term-End Examination
Overview of Part II, CMSC5707 Advanced Topics in Artificial
Overview of Part II, CMSC5707 Advanced Topics in Artificial
customized Microsoft Word 2007 chapter abstract template
customized Microsoft Word 2007 chapter abstract template
Anomaly Detection Using GAs
Anomaly Detection Using GAs
Tutorial Details
Tutorial Details
3Jain-Agarwal
3Jain-Agarwal
Document
Document
Some Applications of Fuzzy Logic in Data Mining and Information
Some Applications of Fuzzy Logic in Data Mining and Information
Bölüm
Bölüm
CS607_Current_Subjective
CS607_Current_Subjective
WYDZIAŁ
WYDZIAŁ
Artificial Intelligence and Expert Systems (CB711) Lecturer: Dr
Artificial Intelligence and Expert Systems (CB711) Lecturer: Dr
Intrusion Detection using Genetic Programming
Intrusion Detection using Genetic Programming
A Simple Fuzzy Excitation Control System for Synchronous Generator
A Simple Fuzzy Excitation Control System for Synchronous Generator
ppt - Princeton University
ppt - Princeton University
chapter 2 - UniMAP Portal
chapter 2 - UniMAP Portal
The First Computational Intelligence Reading of IEEE SMC Student
The First Computational Intelligence Reading of IEEE SMC Student
Ethics: A Lost Concept in the 21st Century
Ethics: A Lost Concept in the 21st Century
PPT
PPT
Diagnosis of Pulmonary Embolism Using Fuzzy Inference System
Diagnosis of Pulmonary Embolism Using Fuzzy Inference System
Fuzzy Set Approaches
Fuzzy Set Approaches
Fuzzy arithmetic is not a conservative way to do risk analysis
Fuzzy arithmetic is not a conservative way to do risk analysis