DocumentCode
2894583
Title
A Knowledge-Based System Implementation of Intrusion Detection Rules
Author
Flior, Eric ; Anaya, Tychy ; Moody, Cory ; Beheshti, Mohsen ; Han, Jianchao ; Kowalski, Kazimierz
Author_Institution
Comput. Sci. Dept., California State Univ. Dominguez Hills, Carson, CA, USA
fYear
2010
fDate
12-14 April 2010
Firstpage
738
Lastpage
742
Abstract
This research determines the feasibility of using an Exsys Corvid-based expert system to detect and respond to network threats and to administer a Linux-based iptables firewall in real time. In our implementation, we attempt to replace the human domain expert normally required to create the expert system's knowledge base with intrusion detection rules produced by data mining on network traffic. Our expert system is used in conjunction with intrusion detection classification rules provided by the See5 data-mining tool, which are in turn created from the data fusion of normal and malicious network traffic collected from multiple network sensors.
Keywords
Linux; data mining; expert systems; security of data; sensor fusion; telecommunication traffic; Exsys Corvid based expert system; Linux-based iptables firewall; See5 data-mining tool; data fusion; intrusion detection rules; knowledge-based system implementation; multiple network sensors; network traffic; Databases; Expert systems; Humans; Information analysis; Information technology; Intrusion detection; Knowledge based systems; Real time systems; Sensor systems; Telecommunication traffic; Corvid; Expert System; Linux; See5; iptables
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: New Generations (ITNG), 2010 Seventh International Conference on
Conference_Location
Las Vegas, NV
Print_ISBN
978-1-4244-6270-4
Type
conf
DOI
10.1109/ITNG.2010.251
Filename
5501643