An Anomaly Based Adaptive Fuzzy Framework For Detecting Network Intrusions

Habib Ullah, Baig (2012) An Anomaly Based Adaptive Fuzzy Framework For Detecting Network Intrusions. Doctoral thesis, University Of Engineering And Technology, Taxila.

[img] Text

Download (14kB)


Anomaly based Intrusion detection systems have proved their worth by detecting zero age intrusions but suffers from large number of false alarms mainly because of imprecise definitions of their normal profile or detection models.Building accurate and precise normal profiles or detection models for intrusion detection is a complex process. It is because it involves highly dynamic network behavior, concept drift phenomenon and evolving intrusion patterns.To accommodate these network dynamics in intrusion detection models, we require extensive training data-sets.These data sets must contain a uniform distribution of theoretically possible intrusion patterns and normal network traffic instances.Deviation in training data-set with real time network data and skewed class distribution in training data set will result in a biased detection model.Concept drift phenomenon, huge network data, highly imbalance traffic distribution, addition of new applications and abstract boundaries between normal and abnormal behavior has limited the accuracy of generalized detection models or shortened their detection models useful life. Due to these limitations and complexities in building long term intrusion detection models, it is proposed in this thesis that instead of building a generalized profile responsible for detecting all the intrusions it is more helpful if short-term profiles are used to detect an intrusion or even a phase of an intrusion active in certain time space. These short term profiles are evolved by changing cost functions according to changed anomaly conditions, current network traffic patterns and security policies.The evolved profiles remain valid for a short period of time in which network dynamics can be assumed as piece-wise linear. In this thesis an anomaly based Adaptive SEmi-supervised Evolutionary Security (ASEES) fuzzy framework is proposed.It is based on adaptive distributed and cooperative fuzzy agents which use evolved short-term profiles.These profiles are evolved for different objectives to detect specific intrusions. Evolved profiles are switched and activated according to current network and anomaly conditions, network security policies and based on forecasted attacks. The ASEES fuzzy framework is tested under two different attacksDoS attack and reconnaissance attack i.e. port scan.The results show good detection times and high detection rate due to similarity of the training and testing data-set. The results also shows a performance increase in using short term profiles along with generalize normal profiles for denial of service attacks. viii

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Intrusions, Anomaly, Network, Based, Framework, Adaptive, Fuzzy
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Depositing User: Muhammad Khan Khan
Date Deposited: 07 Sep 2016 05:03
Last Modified: 07 Sep 2016 05:03

Actions (login required)

View Item View Item