Application of Type-2 Fuzzy Logic to Rule-based Intrusion Alert Correlation Detection

Authors

  • Chenn-Jung Huang
  • Kai-Wen Hu
  • Heng-Ming Chen
  • Tao-Ku Chang
  • Yun-Cheng Luo
  • Yih-Jhe Lien
Abstract

An intrusion detection system (IDS) is a security layer that is used to discover ongoing intrusive attacks and anomalous activities in information systems, which means usually working in a dynamically changing environment. Although increasing attention to IDSs is evident in the literature, network security administrators are still faced with the task of analyzing enormous numbers of alerts produced from different event streams. The intrusion detection model therefore needs to be continuously tuned, in order to reduce correlative alerts and help the administrator to accurately determine critical attacks. In this work, an alert correlation detection module is proposed to analyze the alerts produced by IDSs, providing a more succinct and comprehensive view of intrusions. An automatically-tuned IDS rule-generation module that is based on a type-2 fuzzy logic technique is used to block highly correlative alerts. The experimental results reveal that the proposed model is effective in achieving alert reduction and abstraction.

Similar resources

Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...

Alert Correlation in Collaborative Intelligent Intrusion

As complete prevention of computer attacks is not possible, intrusion detection systems (IDSs) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuse- and anomaly-based. A collaborative intelligent intrusion detection system (CIIDS) is proposed to include both methods, since it is concluded from recent res...

International Journal of Computer Application Issue 4, Volume 1 (February 2014) Available online on http://www.rspublication.com/ijca/ijca_index.htm ISSN: 2250-1797

With the increasing use of computer networks and the internet, the use of intrusion detection systems has become more popular. The main drawback of IDS is to generate alert to system administrator based on malicious activities that violates security policies. Recently fuzzy logic plays a vital role in detecting attacks using various rule generation techniques. This paper proposed a new concept of using various fu...

Using Artificial Immune System and Fuzzy Logic for Alert Correlation

One of the most important challenges facing the intrusion detection systems (IDSs) is the huge number of generated alerts. A system administrator will be overwhelmed by these alerts in such a way that she/he cannot manage and use the alerts. The best-known solution is to correlate low-level alerts into a higher level attack and then produce a high-level alert for them. In this paper a new autom...

Entropy Based Fuzzy Rule Weighting for Hierarchical Intrusion Detection

Predicting different behaviors in computer networks is the subject of many data mining researches. Providing a balanced Intrusion Detection System (IDS) that directly addresses the trade-off between the ability to detect new attack types and providing low false detection rate is a fundamental challenge. Many of the proposed methods perform well in one of the two aspects, and concentrate on a su...

Publication date: 2012