Fuzzy Network Profiling for Intrusion Detection
Dickerson, J.E.; Dickerson, J.A. 19th International Conference of the North American Fuzzy Information Processing Society (NAFIPS), 2000
Reporter: Chien-Chung Su
Agenda • Introduction • System Architecture • Implementation example • Conclusion
Introduction
• Intrusion Detection System
• The process of identifying network activity that can lead to a violation of the security policy
• Two primary forms
• Misuse Detection: matching known patterns of hostile activity against a database of past attacks
• Anomaly Detection: applying statistical measures or artificial-intelligence techniques to compare current activity against historical knowledge of network utilization
System Architecture (1/5)
• Fuzzy Intrusion Recognition Engine (FIRE)
• Anomaly-based intrusion detection system
• Applies fuzzy logic
• Applies simple data-mining techniques
System Architecture (2/5)
• Data flow (figure): Local Area Network → Network Data Collector (NDC) → raw data → Network Data Processor (NDP) → mined data → Fuzzy Threat Analyzer (FTA) → fuzzy alerts
System Architecture (3/5)
• Network Data Collector (NDC)
• Grabs all packets that cross the wire and stores them to disk
• To help avoid packet loss in the data collection system, the tasks performed by the NDC must be kept very limited
System Architecture (4/5)
• Network Data Processor (NDP)
• Performs a kind of data mining on the collected packets
• Compares the current data with the historical mined data to create "normalized" values that reflect how the new data differs from what was observed in the past
System Architecture (5/5)
• Fuzzy Threat Analyzer (FTA)
• A fuzzy rule can incorporate one or more fuzzy inputs
• Depending on the fuzzy values used, the rule designer can make the types of intrusion a rule detects either very general or very specific
Implementation example (1/4)
• Which metrics do we want?
• SrcIP, DstIP, SrcPort, DstPort
• TCP flags, data length
• Data content
• Time the packet was sent
• Example
• sdp = (SrcIP, DstIP, SrcPort, DstPort)
• Represents the existence of a TCP channel (whether successful or not) between two IP end points
Implementation example (2/4)
• Define fuzzy variables
• COUNT
• UNIQUENESS
• VARIANCE
• Membership function (figure): fuzzy sets LOW, MED-LOW, MED, MED-HIGH, HIGH over an axis with ticks 1, 2, 5, 10, 25, 50, 100
Implementation example (3/4)
• Design fuzzy rules
• Scenario: network scan
• Rule examples
• If (COUNT == LOW) && (UNIQUENESS == MED) Then "Network Scan" = MED-LOW
• If (COUNT == MED) && (UNIQUENESS == LOW) Then "Network Scan" = LOW
• If (COUNT == MED) && (UNIQUENESS == HIGH) Then "Network Scan" = HIGH
• If (COUNT of ForeignHosts == HIGH) && (UNIQUENESS of DNS == HIGH) Then "DNS Scan" = HIGH
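The NDP mining step (slide 4/5) and the sdp metrics, membership function and network-scan rules of the implementation example, run end to end as an added example; this is not code from the paper or the slides. Everything not on the page is assumed here: the five sets are triangles centred on the slide's axis ticks 1, 5, 10, 25, 50 (LOW and HIGH with flat shoulders), COUNT is the number of sdp tuples a source host attempted in the interval, UNIQUENESS is the percentage of those tuples with a distinct (DstIP, DstPort), inference is Mamdani-style (AND = min, aggregation = max), and the packets are constructed sample data. The comparison against historical mined data is not included.

```python
"""Toy FIRE pipeline: NDP mining of sdp tuples plus an FTA rule base.

Added example, not the paper's or the slides' code. Assumptions (not on the
page): triangular fuzzy sets centred on the ticks 1, 5, 10, 25, 50; COUNT =
number of sdp tuples per source host; UNIQUENESS = percentage of those with a
distinct (DstIP, DstPort); AND = min, aggregation = max. Packets are
constructed sample data.
"""
from collections import defaultdict

# Triangular fuzzy sets on the 1..100 axis: (left, peak, right); None = shoulder.
FUZZY_SETS = {
    "LOW": (None, 1, 5),
    "MED-LOW": (1, 5, 10),
    "MED": (5, 10, 25),
    "MED-HIGH": (10, 25, 50),
    "HIGH": (25, 50, None),
}


def membership(x, label):
    """Degree (0..1) to which crisp value x belongs to the named fuzzy set."""
    left, peak, right = FUZZY_SETS[label]
    if x == peak:
        return 1.0
    if x < peak:
        return 1.0 if left is None else max(0.0, (x - left) / (peak - left))
    return 1.0 if right is None else max(0.0, (right - x) / (right - peak))


def fuzzify(x):
    """Membership of x in every set, e.g. fuzzify(12) -> MED 0.87, MED-HIGH 0.13."""
    return {label: membership(x, label) for label in FUZZY_SETS}


def mine_sdp(packets):
    """NDP step: collect sdp = (SrcIP, DstIP, SrcPort, DstPort) tuples from SYN
    packets (a channel attempt, successful or not) and derive per-source-host
    COUNT and UNIQUENESS for the interval."""
    tuples_by_src = defaultdict(set)
    for src, dst, sport, dport, flags in packets:
        if flags == "S":
            tuples_by_src[src].add((src, dst, sport, dport))
    metrics = {}
    for src, sdps in tuples_by_src.items():
        count = len(sdps)
        distinct_targets = len({(dst, dport) for _, dst, _, dport in sdps})
        metrics[src] = {"COUNT": count,
                        "UNIQUENESS": 100.0 * distinct_targets / count}
    return metrics


# Rule base from the slide: (COUNT set, UNIQUENESS set) -> "Network Scan" set.
SCAN_RULES = [
    (("COUNT", "LOW"), ("UNIQUENESS", "MED"), "MED-LOW"),
    (("COUNT", "MED"), ("UNIQUENESS", "LOW"), "LOW"),
    (("COUNT", "MED"), ("UNIQUENESS", "HIGH"), "HIGH"),
]


def evaluate_scan(metrics):
    """FTA step: fire each rule with AND = min, aggregate per output set with max."""
    out = defaultdict(float)
    for (v1, s1), (v2, s2), conclusion in SCAN_RULES:
        strength = min(membership(metrics[v1], s1), membership(metrics[v2], s2))
        out[conclusion] = max(out[conclusion], strength)
    return dict(out)


def strongest(out):
    """Winning output label and its strength, or (None, 0.0) if no rule fired."""
    label = max(out, key=out.get) if out else None
    return (label, out[label]) if label and out[label] > 0 else (None, 0.0)


# Constructed packets: (src_ip, dst_ip, src_port, dst_port, tcp_flags).
PACKETS = (
    # scanner 10.0.0.9 sends one SYN to each of 12 ports on 10.0.0.5
    [("10.0.0.9", "10.0.0.5", 40000 + i, 20 + i, "S") for i in range(12)]
    # ordinary client 10.0.0.7 opens 10 sessions to the web server
    + [("10.0.0.7", "10.0.0.5", 51000 + i, 80, "S") for i in range(10)]
    # a SYN-ACK reply is not a channel attempt and is ignored
    + [("10.0.0.5", "10.0.0.7", 80, 51000, "SA")]
)


def profile(packets=PACKETS):
    """Per source host: (strongest "Network Scan" label, strength)."""
    return {src: strongest(evaluate_scan(m)) for src, m in mine_sdp(packets).items()}


if __name__ == "__main__":
    for src, m in mine_sdp(PACKETS).items():
        print(src, m, fuzzify(m["COUNT"]), strongest(evaluate_scan(m)))
```

The scanner's 12 tuples give COUNT 12 (MED 0.87, MED-HIGH 0.13) and UNIQUENESS 100 (HIGH 1.0), so the third rule fires at 0.87 and the host is flagged "Network Scan" = HIGH. The client's 10 sessions to one service give COUNT 10 (MED 1.0) and UNIQUENESS 10 (MED 1.0), which none of the slide's three rules covers, so no alert is raised. The three rules leave most of the COUNT x UNIQUENESS plane uncovered; a real rule base fills it in per scenario, which is the design freedom slide 5/5 refers to.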
Implementation example (4/4)
• System issues
• Data collection interval
• Definition of the fuzzy variables
• Data mining techniques
• Fuzzy rules
Conclusion
• Intrusion detection benefits from a degree of fuzziness (graded membership rather than hard thresholds)
• The approach should be supported by an expert system that supplies the fuzzy rules
• Real-time data mining remains an open issue