An Architecture for Host-based Intrusion Detection Systems using Fuzzy Logic
Published: 2014
Author(s) Name: Maryam Rostamipour, Babak Sadeghiyan |
Author(s) Affiliation: Dept of Computer Engg and Information Tech, Amirkabir University of Technology, Tehran, Iran.
Locked
Subscribed
Available for All
Abstract
Intrusion Detection Systems (IDSs) are key parts of computer system defences used to detect malicious activities or policy violations and produce reports to a management station. In this paper, we propose a host-based
IDS to detect with a fuzzy logic approach. The
novelty of our proposed system is that multiple features are extracted for each session in order to identify attacks, and then fuzzy inference expert systems are used to detect intrusion. Selected features are extracted based on system call arguments and used to detect the buffer overflow attack in UNIX system. Because of the difficulty of specifying the exact amounts of them, fuzzy inference expert system is used to detect intrusion. The extracted features from audit trail are related to the different stages of attack scenario, so the output of proposed system is suitable for forensic investigation. Our Host-based Intrusion Detection System (HIDS) is tested experimentally against DARPA 98 and 99 intrusion detection datasets. A comparison with other learning-based approaches is performed. The final results show that our system is efficient.
Keywords: Network Security, Buffer Overflow Attack, Host-based IDS, Fuzzy Intrusion Detection, Fuzzy Logic
View PDF