Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su (Department of Internet, Chungwoon University) ;
  • Lee, Se-Yul (Department of Computer Science at Chungwoon University)
  • Published : 2009.03.30

Abstract

Advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing number of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse with a set of rules based on past hacking patterns. This pattern matching has a high false positive rate and cannot detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and to variations of known attacks, which increases false negatives. Intrusion detection and prevention technologies are thus required. We propose a network-based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects DoS (DDoS and PDoS) attacks by packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. The SYN flooding detection module, built on the FCM model, captures and analyzes packet information to detect SYN flooding attacks. Using the result of its FCM-based analysis, the decision module measures the degree of danger of the DoS attack and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained a max-average true positive rate of 97.064% and a max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to Bernhard's true positive error rate.
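The abstract describes the two steps of PIDuF without showing them: packet information is reduced to fuzzy concept values, and a fuzzy cognitive map (FCM) is iterated to produce a degree of danger. The following Python is an added example written for this page; it is not the paper's code, and the concept set (SYN rate, half-open ratio, share of one-shot sources, danger), the weight matrix, the tanh transfer function, and the feature definitions are all assumptions chosen for illustration. The packet windows are constructed, not captured traffic.

```python
import math
from collections import Counter

# Concept indices of the fuzzy cognitive map (assumed layout, not the paper's).
SYN_RATE, HALF_OPEN, ONE_SHOT_SRC, DANGER = range(4)
NAMES = ["syn_rate", "half_open", "one_shot_src", "danger"]

# Causal weight matrix W[i][j]: influence of concept i on concept j, in [-1, 1].
# Constructed for illustration. Self-loops W[j][j] give a concept memory of its
# previous value; concepts with no incoming edge are inputs and stay clamped.
WEIGHTS = [
    #  SYN_RATE  HALF_OPEN  ONE_SHOT  DANGER
    [0.0,       0.6,       0.0,      0.5],  # SYN_RATE: more SYNs -> more half-open, more danger
    [0.0,       0.2,       0.0,      0.8],  # HALF_OPEN: a filling backlog strongly raises danger
    [0.0,       0.0,       0.0,      0.3],  # ONE_SHOT_SRC: single-SYN sources hint at spoofing
    [0.0,       0.0,       0.0,      0.2],  # DANGER: output concept with a little memory
]
LAMBDA = 2.0  # steepness of the tanh transfer function


def extract_features(packets, window_seconds, syn_rate_cap=100.0):
    """Map one window of TCP handshake records to concept values in [0, 1].

    `packets` are constructed dicts {"src": ip, "flags": "S" | "SA" | "A"}.
    Only handshake packets are present, so every "A" is taken to complete a
    handshake (a simplification of real traffic, where data segments also
    carry ACK).
    """
    flags = Counter(p["flags"] for p in packets)
    syn, ack = flags["S"], flags["A"]
    completed = min(syn, ack)
    half_open = (syn - completed) / syn if syn else 0.0      # SYNs never acknowledged
    syn_rate = min(1.0, syn / window_seconds / syn_rate_cap)  # SYN/s, capped at 1.0
    per_src = Counter(p["src"] for p in packets if p["flags"] == "S")
    one_shot = sum(1 for n in per_src.values() if n == 1) / syn if syn else 0.0
    return [syn_rate, half_open, one_shot, 0.0]  # danger starts at 0


def run_fcm(initial, weights=WEIGHTS, lam=LAMBDA, max_iter=50, tol=1e-4):
    """Iterate A_j(t+1) = tanh(lam * sum_i A_i(t) * W[i][j]) for driven concepts
    until the state settles; input concepts keep their measured values."""
    n = len(initial)
    driven = [j for j in range(n) if any(weights[i][j] != 0.0 for i in range(n))]
    state = list(initial)
    for _ in range(max_iter):
        new = list(state)
        for j in driven:
            inflow = sum(state[i] * weights[i][j] for i in range(n))
            new[j] = math.tanh(lam * inflow)
        delta = max(abs(a - b) for a, b in zip(new, state))
        state = new
        if delta < tol:
            break
    return state


def danger_degree(packets, window_seconds):
    """Degree of danger in [0, 1] that the decision module would act on."""
    return run_fcm(extract_features(packets, window_seconds))[DANGER]


def classify(packets, window_seconds, threshold=0.5):
    return "syn_flood" if danger_degree(packets, window_seconds) >= threshold else "normal"


# Constructed sample windows (not captured traffic). Server is 10.0.0.9.
BENIGN = []  # three clients, eight complete handshakes in a 10 s window
for src, count in (("10.0.0.1", 3), ("10.0.0.2", 3), ("10.0.0.3", 2)):
    for _ in range(count):
        BENIGN += [{"src": src, "flags": "S"},
                   {"src": "10.0.0.9", "flags": "SA"},
                   {"src": src, "flags": "A"}]

ATTACK = []  # 120 spoofed sources in a 1 s window, one SYN each, no final ACK
for i in range(1, 121):
    ATTACK += [{"src": f"203.0.113.{i}", "flags": "S"},
               {"src": "10.0.0.9", "flags": "SA"}]

if __name__ == "__main__":
    for label, window, secs in (("benign", BENIGN, 10), ("attack", ATTACK, 1)):
        state = run_fcm(extract_features(window, secs))
        print(label, {k: round(v, 3) for k, v in zip(NAMES, state)}, classify(window, secs))
```

Two design points worth noting. Input concepts (those with no incoming edge) are clamped to their measured values rather than passed through the transfer function, otherwise tanh would distort them on every step. The self-loop weights are kept small relative to `LAMBDA` (here 0.2 with a gain of 2), because a driven concept whose self-feedback gain reaches 1 drifts upward even on quiet traffic and the map saturates, which is exactly the kind of false positive the abstract criticizes in rule-based matching.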
