A DOS and Network Probe Attack Detection based on HMM using Fuzzy Inference

Full Text (PDF, 588KB), PP.35-42

Author(s)

Mohsen Salehi 1,*, Jamal Karimian 1, Majid Vafaei Jahan 2

1. Imam Reza International University, Mashhad, Iran

2. Islamic Azad University, Mashhad Branch, Iran

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2019.04.05

Received: 12 Aug. 2018 / Revised: 25 Aug. 2018 / Accepted: 5 Sep. 2018 / Published: 8 Apr. 2019

Index Terms

DOS, Probe, HMM, Fuzzy inferences, Attack detection

Abstract

This paper aims to provide an intrusion detection system for network traffic that achieves a low false positive rate while maintaining a high attack detection rate. The system identifies anomalies by monitoring network traffic. Features extracted from the network traffic are modeled by a number of HMMs, which together form a classifier ensemble. A probability value is then generated by integrating the outputs of the HMMs within each group. In this system each feature receives a weight and, rather than applying a threshold value, fuzzy inference is used to decide between normal and abnormal network traffic. First, the fuzzy rules of the decision module are formed manually, based on the security value of each extracted feature. The probability output of each HMM group is then converted to fuzzy values according to the fuzzy rules. These values are processed by a fuzzy inference engine and converted to an output indicating whether the network traffic is normal or abnormal. Experiments show that the proposed system performs well in detecting the attacks that are the main candidates for error. The recall, precision and F1-measure are 100%, 99.38% and 99.69%, respectively. Finally, an attack detection rate close to 100% and a false positive rate of 0.62% show that the proposed system is an improvement over previous systems.

Cite This Paper

Mohsen Salehi, Jamal Karimian, Majid Vafaei Jahan, "A DOS and Network Probe Attack Detection based on HMM using Fuzzy Inference", International Journal of Computer Network and Information Security (IJCNIS), Vol.11, No.4, pp.35-42, 2019. DOI: 10.5815/ijcnis.2019.04.05
