Abstract
The performance of an intrusion detector depends on several factors, such as its internal architecture and the algorithms it uses. Distinct detectors can therefore behave differently when fed the same inputs. The theory of design diversity has been used successfully in the fault tolerance domain and can also benefit intrusion detection. The objective of this paper is to propose and evaluate a mathematical model, based on fuzzy set theory, for composing heterogeneous intrusion detectors that analyze the same event flow. The model combines the individual detectors' results into a more accurate global result. Experimental results show the usefulness of this approach.
© 2008 IFIP International Federation for Information Processing
Raguenet, I., Maziero, C. (2008). A Fuzzy Model for the Composition of Intrusion Detectors. In: Jajodia, S., Samarati, P., Cimato, S. (eds) Proceedings of The Ifip Tc 11 23rd International Information Security Conference. SEC 2008. IFIP – The International Federation for Information Processing, vol 278. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-09699-5_16
DOI: https://doi.org/10.1007/978-0-387-09699-5_16
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-09698-8
Online ISBN: 978-0-387-09699-5