Scientific and Technical Journal


ISSN Print 2221-3937
ISSN Online 2221-3805

The aim of this work is the development and improvement of methods of the intrusion detection based on the use of adaptive fuzzy logic model of decision-making methods in conjunction with AIS . Setting up and testing of the model is performed on the basis of analysis of the information obtained in the processing of real IP-traffic, details of which are presented in a public samples network traffic KDD Cup 1999.

While developing the model takes into account that the classification of the events, which are happening in the shortage of a priori information about the source properties of the stochastic nature of the intrusion and classified events. Intrusion detection system contains modules of adaption, modify rules, the formation of dynamic ratings for events classification rules, decision-making, which offer more efficiency in the sense of Pareto solutions of problems of intrusion detection.

As an acceptable solution it is proposed to form dynamically the basis of such decision rules Rj, each of which has a value of the function of quality fj above given threshold fα, which is defined by the decision maker depending on the criticality of the controlled object. Fuzzy decision rules Rj, for which fj> fα, a subset of effective rules are Rα. Through the use of the classification of the states included in the network of rules Rα provided higher value of the likelihood of intrusion detection , as well as the minimum number of false alarms. This is true in terms of stationary processes occurring in the network. When qualitative changes it is advisable to adjust the composition of traffic rules subset Rα with the new values ​​fj.

There are the results of experiments, which are conducted to investigate the effect on the level of the likelihood of different volumes of test samples, adaptively changing values ​​fj, at varying thresholds CFα, fα , influence the frequency modification of the rule base and others. Usage of  the adaptation mode significantly increases the likelihood classification of network conditions. Thus, with increasing sample sizes the length of the confidence interval level and the likelihood of false positives is well approximated by a power function of the square root of the ratio magnification scope.  This is caused by fi quality function productive correction and increases its evaluation.As it turned out, the proposed model is locally stable within the classes of attacks, as well as sensitive to the adjustable parameters a,b,c of fuzzy rules and thresholds CFα, fα  forming a subset of effective rules  Rα . This moment allows to the decision maker to make decisions taking into account the specific features of the administration of computer networks, including earlier detection of the facts of these classes of attacks.

In a further refinement of the proposed approach it is promised to consider the multidimensional problem of classification on a set of alternative characters, the development of approximation Pareto approach for multidimensional optimization problems, as well as the feasibility of using the advance filter traffic.

  1. Dasgupta D. (ed.), (2006),Iskusstvennye immunnye sistemy i ikh primenenie [Artificial Immune Systems and Applications], Fizmatlit, Moscow,Russian Federation,344 p. (In Russian).
  2. Skatkov A.V. (ed.),     Informacionnye tehnologii dlja kriticheskih infrastruktur: monogr, [Information Technology for Critical Infrastructures: Monograph], (2012), SevNTU, Sevastopol,306 p. (In Russian).
  3. Varghese S.M., and Jacob K.P., (2007), Anomaly Detection Using System call Sequence sets, Journal of software, pp. 14 –21.
  4. Yeung D.Y., and Ding Y., (2003), Host-Based Intrusion Detection Using Dynamic and Static Behavioral Models, Journal of Pattern Recognition, pp.229 – 243.
  5. Shon T., and Moon J., (2007), A Hybrid Machine Learning Approach to Network Anomaly Detection, Journal of Information Sciences, pp. 3799 – 3821.
  6. Kabiri P., and Ghorbani A., (2005), Research in Intrusion Detection and Response, International Journal of Network Security, pp. 84 – 102.
  7. Khanna R., and Liu H., (2006), System Approach to Intrusion Detection Using HiddenMarkov Model, IWCMC, July 3 – 6, Vancouver, British Columbia, Canada, pp. 349 – 354.
  8. Castro P.A., Coelho G.P., and Von Zuben F.J., (2005), Designing Ensembles of Fuzzy Classification Systems: An Immune-Inspired Approach, 4th International Conference on Artificial Immune Systems (ICARIS), Springer-Verlag, Berlin, pp. 469 – 482.
  9. Beghdad R., (2008), Critical Study of Neural Networks in Detecting Intrusions, Journal of Computers and Security, pp. 168 –175.
  10. Sheikhan М., and Jadidi Z., (2009), Misuse Detection Using Hybrid of Association Rule Mining and Connectionist Modeling, World Appl. Sci. J., Vol.7 (Special Issue of Computer & IT), pp. 31 – 37.
  11. Chen Y., Abraham A., and Yang B., (2007), Hybrid Flexible Neural-Tree-Based Intrusion Detection Systems, International Journal of Intelligent Systems, pp. 337 – 352.
  12. Abraham A., and Jain R., (2005), Soft Computing Models for Network Intrusion Detection Systems. Classification and Clustering for Knowledge Discovery Studies, Journal Computational Intelligence, pp. 191 – 207.
  13. Bryukhovetskyi A.A., and Skatkov A.V. Adaptivnaja model' obnaruzhenija vtorzhenij v komp'juternyh setjah na osnove iskusstvennyh immunnyh system, [An Adaptive Model of Intrusion Detection in Computer Networks base on Artificial Immune System], (2013),Journal Electrotechnic and Computer Systems, Odessa, Ukraine, Vol. 12 (88), pp. 102 – 111.
  14. Hansen J.V., Lowry P.B., Meservy R.D., and McDonald D.M., (2007), Genetic Programming for Prevention of Cyber terrorism through Dynamic and Evolving Intrusion Detection, Journal of Decision Support Systems, Vol. 43,pp. 1362 –1374.
  15. Irvine CA 92697-3425, (1999), KDD cup 99 Intrusion Detection data set, Available at: /http:// /databases/kddcup99/ (accessed 17 March 2013) .
  16. Bryukhovetskyi A.A., Skatkov A.V., and Berezenko P.O., Obnaruzhenie ujazvimostej v kriticheskih prilozhenijah na osnove reshajushhih derev'ev, [The Discovery of Vulnerabilities in Critical Applications Based on Decision trees], (2013), Journal Electronic and Computer Systems, Kharkov, Vol. 5 (64), pp. 18 – 23.
  17. Zainal A., Maarof M., Shamsuddin S. et al., (2009), Ensemble Classifiers for Network Intrusion Detection System, Journal of Information Assurance and Security, vol. 4, pp. 217 – 222.
Last download:
15 Jan 2020

[ © KarelWintersky ] [ All articles ] [ All authors ]
[ © Odessa National Polytechnic University, 2014-2018. Any use of information from the site is possible only under the condition that the source link! ]