3,009 research outputs found
Adding Contextual Information to Intrusion Detection Systems Using Fuzzy Cognitive Maps
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The experimental results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections.
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Artificial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, artificial neural networks, genetic algorithms, artificial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, 'programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difficulty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to 'learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated.
Analysis of Hybrid Soft Computing Techniques for Intrusion Detection on Network
Intrusion detection is an action towards security of a network when a system or network is being used inappropriately or without authorization. The use of Soft Computing Approaches in intrusion detection is an appealing concept for two reasons: firstly, the Soft Computing Approaches achieve tractability, robustness, low solution cost, and better rapport with reality. Secondly, current techniques used in network security from intrusion are not able to cope with the dynamic and increasingly complex nature of network and their security. It is hoped that Soft Computing inspired approaches in this area will be able to meet this challenge. Here we analyze the approaches including the examination of efforts in hybrid system of SC such as neuro-fuzzy, fuzzy-genetic, neuro-genetic, and neuro-fuzzy-genetic used in the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.
An Agent-Based Intrusion Detection System for Local Area Networks
Since it is impossible to predict and identify all the vulnerabilities of a network beforehand, and penetration into a system by malicious intruders cannot always be prevented, intrusion detection systems (IDSs) are essential entities to ensure the security of a networked system. To be effective in carrying out their functions, the IDSs need to be accurate, adaptive, and extensible. Given these stringent requirements and the high level of vulnerabilities of the current days' networks, the design of an IDS has become a very challenging task. Although extensive research has been done on intrusion detection in a distributed environment, distributed IDSs suffer from a number of drawbacks, e.g., high rates of false positives, low detection efficiency etc. In this paper, the design of a distributed IDS is proposed that consists of a group of autonomous and cooperating agents. In addition to its ability to detect attacks, the system is capable of identifying and isolating compromised nodes in the network thereby introducing fault-tolerance in its operations. The experiments conducted on the system have shown that it has a high detection efficiency and low false positives compared to some of the currently existing systems. Comment: 13 pages, 5 figures, 2 tables
Adding contextual information to intrusion detection systems using fuzzy cognitive maps
In the last few years there has been considerable increase in the efficiency of Intrusion Detection Systems (IDSs). However, networks are still the victim of attacks. As the complexity of these attacks keeps increasing, new and more robust detection mechanisms need to be developed. The next generation of IDSs should be designed incorporating reasoning engines supported by contextual information about the network, cognitive information from the network users and situational awareness to improve their detection results. In this paper, we propose the use of a Fuzzy Cognitive Map (FCM) in conjunction with an IDS to incorporate contextual information into the detection process. We have evaluated the use of FCMs to adjust the Basic Probability Assignment (BPA) values defined prior to the data fusion process, which is crucial for the IDS that we have developed. The results that we present verify that FCMs can improve the efficiency of our IDS by reducing the number of false alarms, while not affecting the number of correct detections.
Using Pattern-of-Life as Contextual Information for Anomaly-based Intrusion Detection Systems
Open access article. As the complexity of cyber-attacks keeps increasing, new robust detection mechanisms need to be developed. The next generation of Intrusion Detection Systems (IDSs) should be able to adapt their detection characteristics based not only on the measurable network traffic, but also on the available high-level information related to the protected network. To this end, we make use of the Pattern-of-Life (PoL) of a computer network as the main source of high-level information. We propose two novel approaches that make use of a Fuzzy Cognitive Map (FCM) to incorporate the PoL into the detection process. There are four main aims of the work. First, to evaluate the efficiency of the proposed approaches in identifying the presence of attacks. Second, to identify which of the proposed approaches to integrate an FCM into the IDS framework produces the best results. Third, to identify which of the metrics used in the design of the FCM produces the best detection results. Fourth, to evidence the improved detection performance that contextual information can offer in IDSs. The results that we present verify that the proposed approaches improve the effectiveness of our IDS by reducing the total number of false alarms; providing almost perfect detection rate (i.e., 99.76%) and only 6.33% false positive rate, depending on the particular metric combination.
MINIMIZATION OF MOBILE AD HOC NETWORKS ROUTING ATTACKS USING DS MATHEMATICAL THEORY
Mobile Ad hoc Networks (MANET) have been highly vulnerable to attacks due to the dynamic nature of its network infrastructure. Among these attacks, routing attacks have received considerable attention since it could cause the most devastating damage to MANET. Even though there exist several intrusion response techniques to mitigate such critical attacks, existing solutions typically attempt to isolate malicious nodes based on binary or naïve fuzzy response decisions. However, binary responses may result in the unexpected network partition, causing additional damages to the network infrastructure, and naïve fuzzy responses could lead to uncertainty in countering routing attacks in MANET. In this paper, we propose a risk-aware response mechanism to systematically cope with the identified routing attacks. Our risk-aware approach is based on an extended Dempster-Shafer mathematical theory of evidence introducing a notion of importance factors. In addition, our experiments demonstrate the effectiveness of our approach with the consideration of several performance metrics.
Shallow and deep networks intrusion detection system: a taxonomy and survey
Intrusion detection has attracted a considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data, with changing patterns in real time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep networks intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection which influences the effectiveness of machine learning (ML) IDS is discussed to explain the role of feature selection in the classification and training phase of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.
- …