A Framework for Hybrid Fuzzy Logic Intrusion Detection Systems

El-Semary, Aly Mohamed; Edmonds, J.; González, Juan R.; Papa, Mauricio

doi:10.1109/fuzzy.2005.1452414

Cited by 18 publications

(13 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Commonly employed methods are generating rules based on the histogram of attribute values [10,11], or based on partition of overlapping areas [10,11,184], or based on fuzzy implication tables [291], or by fuzzy decision trees [194], or by association rules [84] or by SVMs [279]. Due to the rapid development of computational intelligence, approaches with learning and adaptive capabilities have been widely used to automatically construct fuzzy rules.…”

Section: Fuzzy Misuse Detectionmentioning

confidence: 99%

See 1 more Smart Citation

The use of computational intelligence in intrusion detection systems: A review

Banzhaf

2010

Applied Soft Computing

568

248

View full text Add to dashboard Cite

Intrusion detection based upon computational intelligence is currently attracting considerable interest from the research community. Characteristics of computational intelligence (CI) systems, such as adaptation, fault tolerance, high computational speed and error resilience in the face of noisy information fit the requirements of building a good intrusion detection model. Here we want to provide an overview of the research progress in applying CI methods to the problem of intrusion detection. The scope of this review will be on core methods of CI, including artificial neural networks, fuzzy systems, evolutionary computation, artificial immune systems, swarm intelligence, and soft computing. The research contributions in each field are systematically summarized and compared, allowing us to clearly define existing research challenges, and to highlight promising new research directions. The findings of this review should provide useful insights into the current IDS literature and be a good source for anyone who is interested in the application of CI approaches to IDSs or related fields.

show abstract

Section: Fuzzy Misuse Detectionmentioning

confidence: 99%

“…Florez et al [94] later described an algorithm for computing the similarity between two fuzzy association rules based on prefix trees, so better running time and accuracy were achieved. El-Semary et al compared the test data samples against fuzzy association rules directly by a fuzzy inference engine [84].…”

Section: Fuzzy Anomaly Detectionmentioning

confidence: 99%

The use of computational intelligence in intrusion detection systems: A review

Banzhaf

2010

Applied Soft Computing

568

248

View full text Add to dashboard Cite

show abstract

“…Since 1995 several classification techniques have been adopted for intrusion detection, including neural networks [8], genetic algorithms [9], state transition [10], immune system [11], Bayesian network [12], fuzzy logic [13], hidden Markov models [8], decision tree [14]. A comprehensive study on anomaly-based IDS has been provided in [26].…”

Section: Related Workmentioning

confidence: 99%

Smart Grid Cyber Security Challenges: Overview and Classification

Mendel¹

2017

e-mentor

View full text Add to dashboard Cite

In this paper we present a model-based intrusion detection system (IDS) for home area networks (HANs) within the smart grid. Considering that ZigBee is the dominant technology in future HAN, the proposed IDS is designed to target ZigBee standard. Our focus is on the physical and medium access control (MAC) layers of ZigBee technology, which are defined in IEEE 802.15.4 standard. In the proposed IDS, normal behavior of the network is modeled through specifications extracted from the IEEE 802.15.4 standard as well as features of wireless network traffic. Deviations from normal behavior can be a sign of malicious activities. We use Bayesian network as a classifier to distinguish the normal and malicious behavior of the network according to extracted features. We further investigate the physical and MAC layer attacks in IEEE 802.15.4 networks that have been introduced in literature. In order to evaluate the performance of the proposed method we simulate a HAN network as well as some attack scenarios, in NS-2 simulation environment. We evaluate the performance of the proposed IDS against these attacks. Analysis and simulation results demonstrate that the proposed IDS provides good detection performance against known attacks, and since this is an IDS based on anomalous event detection, we expect the same for unknown attacks. KeywordsHAN, IDS, smart grid I TRODUCTIOSmart grid is a vision to modernize the electricity transmission and distribution systems. Smart grid incorporates computer intelligence into the power system, and provides two way energy flow and data communication. Unlocking the tremendous potential of the smart grid such as resilience, high power quality, and consumer participation, strongly depends on the security of this system. Integration of a data layer to the power grid can expose the system to many cyber security threats. Smart grid is an infrastructure that many other utilities rely on; without strong security measures, not only the smart grid will inherit the vulnerabilities of the legacy power system, but also new vulnerabilities will be added due to the proliferation of new technologies.In the 2009 White House Cyberspace Policy Review, federal government was asked to "ensure that security standards are developed and adopted to avoid creating unexpected opportunists to penetrate these systems or conduct large-scale attacks" [1]. The US National Institute of Standards and Technology (NIST) has provided guidelines for developers and policy makers, covering cyber security requirements of the smart grid that should be included from the beginning of the development process [2]. Along with the security mechanisms that should be designed into the smart grid with the goal of reducing the vulnerabilities and mitigating their consequences, such as cryptographic algorithms and secure protocols, appropriate intrusion detection systems (IDSs) are also required. The need for research on intrusion detection for embedded processors has been emphasized in "NIST guidelines for smart grid cyber security", ...

show abstract

“…Qin [17] used data mining to profile normal network behavior. Bridges and Vaughn [18], Dickerson et al [10,11], Luo and Bridges [16] used fuzzy logic and data mining to model normal network behavior, and Elsemary et al [13][14][15] use fuzzy association rules to model both network behavior and attack signature but their model is neither scalable nor distributed. Last, but not least, Ming-Yang Su [19] uses the frequency episode rules implemented by finite state machines to design a real-time network-based intrusion prevention system for Probe/Exploit intrusion.…”

Section: Introductionmentioning

confidence: 99%

“…Anomaly-based systems employ various techniques including artificial intelligence [3], statistical analysis [2], machine learning [7] and data mining [8,9]. Recently, fuzzy logic together with data mining IDSs [10][11][12][13][14][15][16] have been successfully used to identify anomalies. Anomaly detection systems are capable of detecting attacks for which well-defined patterns do not exist (such as new attacks or variations of existing attacks).…”

Section: Introductionmentioning

confidence: 99%

Distributed and Scalable Intrusion Detection System Based on Agents and Intelligent Techniques

El-Semary¹,

Mostafa²

2010

Journal of Information Processing Systems

View full text Add to dashboard Cite

Abstract-The Internet explosion and the increase in crucial web applications such as ebanking and e-commerce, make essential the need for network security tools. One of such tools is an Intrusion detection system which can be classified based on detection approachs as being signature-based or anomaly-based. Even though intrusion detection systems are well defined, their cooperation with each other to detect attacks needs to be addressed. Consequently, a new architecture that allows them to cooperate in detecting attacks is proposed. The architecture uses Software Agents to provide scalability and distributability. It works in two modes: learning and detection. During learning mode, it generates a profile for each individual system using a fuzzy data mining algorithm. During detection mode, each system uses the FuzzyJess to match network traffic against its profile. The architecture was tested against a standard data set produced by MIT's Lincoln Laboratory and the primary results show its efficiency and capability to detect attacks. Finally, two new methods, the memory-window and memoryless-window, were developed for extracting useful parameters from raw packets. The parameters are used as detection metrics.

show abstract

A Framework for Hybrid Fuzzy Logic Intrusion Detection Systems

Cited by 18 publications

References 16 publications

The use of computational intelligence in intrusion detection systems: A review

The use of computational intelligence in intrusion detection systems: A review

Smart Grid Cyber Security Challenges: Overview and Classification

Distributed and Scalable Intrusion Detection System Based on Agents and Intelligent Techniques

Contact Info

Product

Resources

About