Incorporating soft computing techniques into a probabilistic intrusion detection system

There are a lot of industrial applications that can be solved competitively by hard computing, while still requiring the tolerance for imprecision and uncertainty that can be exploited by soft computing. This paper presents a novel intrusion detection system (IDS) that models normal behaviors with hidden Markov models (HMM) and attempts to detect intrusions by noting significant deviations from the models. Among several soft computing techniques neural network and fuzzy logic are incorporated into the system to achieve robustness and flexibility. Self-organizing map (SOM) determines the optimal measures of audit data and reduces them into appropriate size for efficient modeling by HMM. Based on several models with different measures, fuzzy logic makes the final decision of whether current behavior is abnormal or not. Experimental results with some real audit data show that the proposed fusion produces a viable intrusion detection system. Fuzzy rules that utilize the models based on the measures of system call, file access, and the combination of them produce more reliable performance.