Journal of Network and Information Security

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

An Architecture for Host-Based Intrusion Detection Systems using Fuzzy Logic


Affiliations
1 Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran, Islamic Republic of
     

   Subscribe/Renew Journal


Intrusion Detection Systems (IDSs) are key parts of computer system defences used to detect malicious activities or policy violations and produce reports to a management station. In this paper, we propose a hostbased IDS to detect with a fuzzy logic approach. The novelty of our proposed system is that multiple features are extracted for each session in order to identify attacks, and then fuzzy inference expert systems are used to detect intrusion. Selected features are extracted based on system call arguments and used to detect the buffer overflow attack in UNIX system. Because of the difficulty of specifying the exact amounts of them, fuzzy inference expert system is used to detect intrusion. The extracted features from audit trail are related to the different stages of attack scenario, so the output of proposed system is suitable for forensic investigation. Our Host-based Intrusion Detection System (HIDS) is tested experimentally against DARPA 98 and 99 intrusion detection datasets. A comparison with other learning-based approaches is performed. The final results show that our system is efficient.

Keywords

Network Security, Buffer Overflow Attack, Host-Based IDS, Fuzzy Intrusion Detection, Fuzzy Logic.
Subscription Login to verify subscription
User
Notifications
Font Size


Abstract Views: 270

PDF Views: 1




  • An Architecture for Host-Based Intrusion Detection Systems using Fuzzy Logic

Abstract Views: 270  |  PDF Views: 1

Authors

Maryam Rostamipour
Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran, Islamic Republic of
Babak Sadeghiyan
Department of Computer Engineering and Information Technology, Amirkabir University of Technology, Tehran, Iran, Islamic Republic of

Abstract


Intrusion Detection Systems (IDSs) are key parts of computer system defences used to detect malicious activities or policy violations and produce reports to a management station. In this paper, we propose a hostbased IDS to detect with a fuzzy logic approach. The novelty of our proposed system is that multiple features are extracted for each session in order to identify attacks, and then fuzzy inference expert systems are used to detect intrusion. Selected features are extracted based on system call arguments and used to detect the buffer overflow attack in UNIX system. Because of the difficulty of specifying the exact amounts of them, fuzzy inference expert system is used to detect intrusion. The extracted features from audit trail are related to the different stages of attack scenario, so the output of proposed system is suitable for forensic investigation. Our Host-based Intrusion Detection System (HIDS) is tested experimentally against DARPA 98 and 99 intrusion detection datasets. A comparison with other learning-based approaches is performed. The final results show that our system is efficient.

Keywords


Network Security, Buffer Overflow Attack, Host-Based IDS, Fuzzy Intrusion Detection, Fuzzy Logic.