Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems

Full Text (PDF, 399KB), pp. 32-38


Author(s)

Zahra Atashbar Orang 1,*, Ezzat Moradpour 2, Ahmad Habibizad Navin 3, Amir Azimi Alasti Ahrabi 2, Mir Kamal Mirnia 4

1. Islamic Azad University, Tabriz Branch, Tabriz, Iran

2. Islamic Azad University, Shabestar Branch, Shabestar, Iran

3. Islamic Azad University, Science and Research, Tabriz, Iran

4. Islamic Azad University, Science and Research Branch, Tabriz, Iran

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2012.11.04

Received: 4 Feb. 2012 / Revised: 16 Jun. 2012 / Accepted: 9 Aug. 2012 / Published: 8 Oct. 2012

Index Terms

Intrusion detection system, alert classification, ANFIS, false positive alert reduction

Abstract

With the ever-increasing use of computer networks and the Internet, Intrusion Detection Systems (IDS) have become more important. The main problems of IDS are the number of generated alerts, alert failure, and identifying the attack type of alerts. In this paper a system is proposed that uses an Adaptive Neuro-Fuzzy Inference System to classify IDS alerts, reducing false positive alerts and also identifying the attack types of true positive ones. According to the experimental results on DARPA KDD cup 98, the system can classify alerts, leading to a considerable reduction of false positive alerts, and identify the attack types of alerts in a small slice of time.

Cite This Paper

Zahra Atashbar Orang, Ezzat Moradpour, Ahmad Habibizad Navin, Amir Azimi Alasti Ahrabi, Mir Kamal Mirnia, "Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems", International Journal of Computer Network and Information Security (IJCNIS), vol. 4, no. 11, pp. 32-38, 2012. DOI: 10.5815/ijcnis.2012.11.04
