Abstract
The objective of this paper is to develop a Fuzzy Rule-Base Based Intrusion Detection System that works at the application layer of the network stack. FASIDS consists of a semantic IDS and a fuzzy-based IDS. A rule-based IDS looks for specific patterns that are defined as malicious. However, a regular, non-intrusive pattern can be malicious if it occurs several times within a short time interval. At the application layer, the header and payload of HTTP traffic are analyzed for possible intrusion. In the proposed misuse detection module, the semantic intrusion detection system works on the basis of rules that define various application layer misuses found in the network. An attack identified by the IDS is based on a corresponding rule in the rule-base. An event that does not make a 'hit' on the rule-base is given to a Fuzzy Intrusion Detection System (FIDS) for further analysis.
In a rule-based intrusion detection system (RIDS), an attack is detected if a matching rule is found in the rule base and goes undetected if not. If the RIDS is combined with the FIDS, intrusions that went undetected by the RIDS can still be detected: the patterns the RIDS classed as non-intrusive are checked by the fuzzy IDS for a possible attack. These patterns are normalized and converted into linguistic variables in fuzzy sets, and the resulting values are given to Fuzzy Cognitive Mapping (FCM). If there is any suspicious event, the system generates an alarm to the client/server. Results show better performance in terms of the detection rate and the time taken to detect. The detection rate is increased, with a reduction in the false positive rate, for a specific attack.
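The two-stage flow described in the abstract, as an added sketch that is not the authors' implementation: a request that hits the rule base is reported at once, and a miss is scored from the client's recent behaviour with one fuzzy cognitive map inference step. The signatures, the two input concepts (request rate and error ratio), the membership ramps, the weights and the threshold are all assumptions chosen for illustration.

```python
import math
import re

# Stage 1: rule base. Constructed signatures, not the paper's rules.
RULES = {
    "path_traversal": re.compile(r"\.\./"),
    "script_tag": re.compile(r"<script", re.I),
}

def rule_hit(request_line):
    """Return the name of the first matching rule, or None on a miss."""
    for name, pattern in RULES.items():
        if pattern.search(request_line):
            return name
    return None

def high(x, lo, hi):
    """Membership in the linguistic value 'high': ramp from lo to hi in [0, 1]."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

# Stage 2: assumed causal weights from each input concept to 'suspicion'.
W_RATE, W_ERRORS = 0.6, 0.4

def suspicion(rate_per_s, error_ratio):
    """One FCM inference step: squash the weighted sum of concept activations."""
    drive = W_RATE * high(rate_per_s, 0.5, 5.0) + W_ERRORS * high(error_ratio, 0.1, 0.8)
    return 1.0 / (1.0 + math.exp(-6.0 * (drive - 0.5)))

def classify(events, window_s=10.0, threshold=0.6):
    """events: (time_s, client, request_line, status) tuples in time order."""
    verdicts, history = [], {}
    for ts, client, line, status in events:
        name = rule_hit(line)
        if name:
            verdicts.append("rule:" + name)
            continue
        # Rule miss: score the client's recent behaviour, not the single request.
        recent = [e for e in history.get(client, []) if ts - e[0] <= window_s]
        recent.append((ts, status))
        history[client] = recent
        errors = sum(1 for _, s in recent if s >= 400) / len(recent)
        score = suspicion(len(recent) / window_s, errors)
        verdicts.append("fuzzy:alarm" if score >= threshold else "normal")
    return verdicts

# Constructed sample traffic: one normal request, one signature hit, one login burst.
SAMPLE = [(0.0, "10.0.0.5", "GET /index.html HTTP/1.1", 200),
          (1.0, "10.0.0.9", "GET /static/../../config HTTP/1.1", 404)]
SAMPLE += [(2.0 + 0.1 * i, "10.0.0.7", "POST /login HTTP/1.1", 401) for i in range(40)]
```

On the constructed sample, every request in the login burst misses the rule base, and the fuzzy stage starts raising alarms once the repetition within the window is dense enough.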
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Sangeetha, S., Haripriya, S., Mohana Priya, S.G., Vaidehi, V., Srinivasan, N. (2010). Fuzzy Rule-Base Based Intrusion Detection System on Application Layer. In: Meghanathan, N., Boumerdassi, S., Chaki, N., Nagamalai, D. (eds) Recent Trends in Network Security and Applications. CNSA 2010. Communications in Computer and Information Science, vol 89. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14478-3_3
DOI: https://doi.org/10.1007/978-3-642-14478-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14477-6
Online ISBN: 978-3-642-14478-3
eBook Packages: Computer Science, Computer Science (R0)