APPLICATION OF TYPE-2 FUZZY LOGIC TO RULE-BASED INTRUSION ALERT CORRELATION DETECTION

Cited by: 0
Authors
Huang, Chenn-Jung [1]
Hu, Kai-Wen [1]
Chen, Heng-Ming [2]
Chang, Tao-Ku [1]
Luo, Yun-Cheng [4]
Lien, Yih-Jhe [3]
Affiliations
[1] Natl Dong Hwa Univ, Dept Comp Sci & Informat Engn, Shoufeng 97401, Hualien, Taiwan
[2] Natl Dong Hwa Univ, Dept Elect Engn, Shoufeng 97401, Hualien, Taiwan
[3] Natl Dong Hwa Univ, Inst Elect Engn, Shoufeng 97401, Hualien, Taiwan
[4] Natl Tsing Hua Univ, Dept Comp Sci & Informat Engn, Hsinchu 30013, Taiwan
Keywords
Intrusion detection system; Intrusion correlation; Alert reduction; IDS rule tuning; Adaptive tuning; SYSTEMS; SETS;
DOI
Not available
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
An intrusion detection system (IDS) is a security layer that is used to discover ongoing intrusive attacks and anomalous activities in information systems, which usually means working in a dynamically changing environment. Although increasing attention to IDSs is evident in the literature, network security administrators are still faced with the task of analyzing enormous numbers of alerts produced from different event streams. The intrusion detection model therefore needs to be continuously tuned in order to reduce correlative alerts and help the administrator accurately determine critical attacks. In this work, an alert correlation detection module is proposed to analyze the alerts produced by IDSs, providing a more succinct and comprehensive view of intrusions. An automatically tuned IDS rule-generation module that is based on a type-2 fuzzy logic technique is used to block highly correlative alerts. The experimental results reveal that the proposed model is effective in achieving alert reduction and abstraction.
Pages: 2865-2874
Number of pages: 10