• DocumentCode
    2542377
  • Title

    Fuzzy network profiling for intrusion detection

  • Author

    Dickerson, John E. ; Dickerson, Julie A.

  • Author_Institution
    Dept. of Electr. Eng. & Comput. Eng., Iowa State Univ., Ames, IA, USA
  • fYear
    2000
  • fDate
    2000
  • Firstpage
    301
  • Lastpage
    306
  • Abstract
    The Fuzzy Intrusion Recognition Engine (FIRE) is an anomaly-based intrusion detection system that uses fuzzy logic to assess whether malicious activity is taking place on a network. It uses simple data mining techniques to process the network input data and help expose metrics that are particularly significant to anomaly detection. These metrics are then evaluated as fuzzy sets. FIRE uses a fuzzy analysis engine to evaluate the fuzzy inputs and trigger alert levels for the security administrator. This paper describes the components in the FIRE architecture and explains their roles. Particular attention is given to explaining the benefits of data mining and how this can improve the meaningfulness of the fuzzy sets. Fuzzy rules are developed for some common intrusion detection scenarios. The results of tests with actual network data and actual malicious attacks are described. The FIRE IDS can detect a wide-range of common attack types
  • Keywords
    data mining; fuzzy logic; safety systems; security of data; data mining; fuzzy analysis engine; fuzzy intrusion recognition engine; fuzzy logic; fuzzy network profiling; fuzzy rules; fuzzy sets; intrusion detection; Computer crime; Data mining; Data security; Fires; Fuzzy logic; Fuzzy sets; Fuzzy systems; Information security; Intrusion detection; Search engines;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fuzzy Information Processing Society, 2000. NAFIPS. 19th International Conference of the North American
  • Conference_Location
    Atlanta, GA
  • Print_ISBN
    0-7803-6274-8
  • Type

    conf

  • DOI
    10.1109/NAFIPS.2000.877441
  • Filename
    877441