Fuzzy Intrusion Recognition Engine (FIRE)


Description

Network intrusion detection (NID) is the process of identifying network activity that can lead to the compromise of a security policy. Most commercial NID systems use a form of intrusion detection called “misuse detection” that compares data in the network stream against a database of known attack signatures. These systems are usually effective only when detailed prior knowledge of the characteristics of various intrusion techniques is available. We would prefer to be able to identify potentially malicious activity without prior knowledge of what form the attacks will take.

Anomaly detection attempts to spot malicious activity by looking for unusual events in the data being monitored. The difficulty in anomaly detection is knowing what features in the input to monitor. Some features may be irrelevant to certain intrusion detection scenarios. Some types of attacks are difficult to identify unless inputs from multiple monitors are combined. The next generation of intrusion detection tools will need to be able to perform correlation analysis of multiple inputs.

This research explores using fuzzy systems as the correlation engine for an intrusion detection system.  Fuzzy systems have several important characteristics that suit intrusion detection very well.

  • Fuzzy systems can readily combine inputs from widely varying sources.
  • Many types of intrusions cannot be crisply defined (e.g., at what threshold should an alarm be set?).
  • The degree of alert that can occur with intrusions is often fuzzy.
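
The three points above can be seen in a small fuzzy correlation sketch. This is an added example, not FIRE's own code: the two monitored features, the membership breakpoints, the rule weights and the crisp thresholds are all assumptions chosen for illustration.

```python
# Added illustration, not FIRE's code. Features, breakpoints, thresholds and
# rule weights below are assumptions chosen for the example.

def ramp(x, lo, hi):
    """Fuzzy membership in 'high': 0 at or below lo, 1 at or above hi."""
    if x <= lo:
        return 0.0
    if x >= hi:
        return 1.0
    return (x - lo) / (hi - lo)

def fuzzify(ports, fail_ratio):
    """Map two monitor readings for one source host to fuzzy sets.

    ports: distinct destination ports contacted in the window
    fail_ratio: fraction of connection attempts that failed
    """
    p_high = ramp(ports, 20, 100)
    f_high = ramp(fail_ratio, 0.3, 0.8)
    return {"p_high": p_high, "p_low": 1.0 - p_high,
            "f_high": f_high, "f_low": 1.0 - f_high}

# Each rule: (fuzzy sets ANDed together, alert level it argues for).
RULES = [
    (("p_high", "f_high"), 1.0),   # many ports, mostly failing
    (("p_high", "f_low"), 0.5),    # many ports, mostly succeeding
    (("p_low", "f_high"), 0.3),    # few ports, mostly failing
    (("p_low", "f_low"), 0.0),     # ordinary traffic
]

def alert_degree(ports, fail_ratio):
    """Combine both monitors into one alert degree in [0, 1]."""
    m = fuzzify(ports, fail_ratio)
    # AND is min(); the output is the firing-strength-weighted mean level.
    fired = [(min(m[name] for name in sets), level) for sets, level in RULES]
    total = sum(strength for strength, _ in fired)
    return sum(s * level for s, level in fired) / total

def crisp_alarm(ports, fail_ratio):
    """Per-monitor fixed thresholds, for comparison."""
    return ports > 60 or fail_ratio > 0.55

if __name__ == "__main__":
    # Constructed readings: (ports, fail_ratio)
    for reading in [(2, 0.0), (55, 0.5), (90, 0.7), (200, 0.9)]:
        print(reading, crisp_alarm(*reading), round(alert_degree(*reading), 2))
```

The constructed reading (55, 0.5) sits just under both crisp thresholds and raises no alarm there, while the fuzzy combination of the two monitors still reports a partial alert of about 0.41.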

Publications

  • J.E. Dickerson, J. Juslin*, O. Koukousoula*, J.A. Dickerson, "Fuzzy intrusion detection," IFSA World Congress and 20th North American Fuzzy Information Processing Society (NAFIPS) International Conference, Vancouver, British Columbia, Volume 3, 1506-1510, July, 2001.
  • J.E. Dickerson, J.A. Dickerson, "Fuzzy Network Profiling for Intrusion Detection." Proceedings of NAFIPS 19th International Conference of the North American Fuzzy Information Processing Society, Atlanta, July, 301-306, 2000. 

Current Project Personnel

  • Julie A Dickerson (PI) Electrical and Computer Engineering
  • John E. Dickerson Engineering Computer Support Services
  • Jianqiang Xin (MS Student) Electrical Engineering
  • Chris Kirk (MS student) Computer Engineering

Funding Source:

National Science Foundation.

 

Copyright © 2002
Page last updated 09/24/2002
Webmaster: julied@vrac.iastate.edu