Fuzzy Model Tuning for Intrusion Detection Systems

  • Conference paper
Autonomic and Trusted Computing (ATC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 4158))

Abstract

An Intrusion Detection System (IDS) detects ongoing intrusive activities in information systems. However, an IDS usually suffers from a high false-alarm rate, especially in a dynamically changing environment, which forces continuous tuning of its detection model to maintain sufficient performance. Currently, manual tuning depends heavily on the user to work out and integrate the tuning solution. We have developed an automatically tuning intrusion detection system (ATIDS). The experimental results show that when tuning is not delayed too long, the system can achieve about 20% improvement compared with the system without the model tuner. However, the user can only control whether the tuning is performed at all, by sending or blocking feedback. To give the user more powerful but intuitive control over the tuning, we develop a fuzzy model tuner, through which the user tunes the model in fuzzy terms yet obtains a much more appropriate tuning. The results show the system can achieve about 23% improvement.


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yu, Z., Tsai, J.J.P. (2006). Fuzzy Model Tuning for Intrusion Detection Systems. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_19

  • DOI: https://doi.org/10.1007/11839569_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38619-3

  • Online ISBN: 978-3-540-38622-3

  • eBook Packages: Computer Science, Computer Science (R0)
