Pakistan Science Abstracts
An adaptive fuzzy framework based on optimized fuzzy contexts for detecting network intrusions.
Author(s):
1. Habibullah Baig: Department of Computer Engineering, Center for Advance Studies in Engineering (CASE), Islamabad, Pakistan
2. Mahmood Ahmad Sheikh: Department of Computer Engineering, Center for Advance Studies in Engineering (CASE), Islamabad, Pakistan
3. Farrukh Kamran: Department of Computer Engineering, Center for Advance Studies in Engineering (CASE), Islamabad, Pakistan
Abstract:
An AIDS (Anomaly-based Intrusion Detection System) is one of the key components of a reliable security infrastructure. It works at the second line of defense, where detection accuracy is the key objective, and that accuracy largely depends upon the precision of its normal profile. Due to the existence of vague boundaries between the normal and anomalous classes, and to dynamic network behavior, building an accurate and generalized normal profile is very difficult. Based on the assumption that an intruder's behavior can be grouped into different phases active at different times, this article proposes to evolve and use short-term fuzzy profiles/contexts for each such individual intrusion phase, resulting in enhanced detection accuracy for low-level attacks. The result is a context-driven, adaptable implementation framework based on a double-layer hierarchy of fuzzy sensors. The framework adapts to network conditions by switching between different contexts according to network traffic patterns, anomaly conditions and the organization's security policies. These contexts are evolved in incremental fashion with a GA (Genetic Algorithm) using real-time network traces. The framework is tested using the DARPA 98/99 dataset, showing accurate detection of a low-level DoS attack.
Page(s): 569-580
DOI: not available
Published: Journal: Mehran University Research Journal of Engineering and Technology, Volume: 29, Issue: 4, Year: 2010