The method of development of basic detection rules for intrusion detection systems
DOI:
https://doi.org/10.18372/2410-7840.17.9790Keywords:
detection rules, attacks, cyber attacks, anomalies, intrusion detection systems, anomaly detection systemsAbstract
Due to the intensive development of digital business, malicious software and other cyber threats become more and more common. To increase the security level there is a need of relevant special control, which can remain effective when new types of threats are appeared and allows to detect the cyber attacks in fuzzy conditions targeting on many different resources of information systems. The various attacking effects on appropriate resources, generate different sets of anomalies in the heterogeneous parametric environment. It is also known the tuple model of set formation of basic components allowing us to detect cyber attacks. For its effective use it is required a formal approach implementation towards the sets formation of basic detection rules. With this objective the method focused on cyber attacks detection in computer systems was developed. This method is realized through three basic stages: formation of subsets of the anomalous IDs; the formation of critical functions; formation of a conditional detection expression. Using this method, it is possible to generate the necessary set of detection rules that determine the level of abnormal condition of values in the heterogeneous parametric environment. The implementation of this method in building intrusion detection systems will expand their functionality with respect to the cyber attacks detection in the weakly-formalized fuzzy environment.References
Корченко А.А. Кортежная модель формирования набора базовых компонент для выявления кибератак / А.А. Корченко // Правове, нормативне та метрологічне забезпечення системи захисту ін-формації в Україні. – 2014. – В.2 (28). – С. 29-36.
Yao J.T., Zhao S.L., Saxton L.V. «A study on fuzzy intrusion detection» Proc. of SPIE Data Mining, In-trusion Detection, Information Assurance, And Data Networks Security, Orlando, Florida, USA, Vol. 5812, 2005, pp. 23-30.
Fries P. «A Fuzzy-Genetic Approach to Network In-trusion Detection Terrence» Genetic and Evolution-ary Computation Conference, GECCO (Companion) July 12-16, 2008, рр. 2141-2146.
Wijayasekara D., Linda O., Manic M., Rieger C.G. Mining Building Energy Management System Data Using Fuzzy Anomaly Detection and Linguistic De-scriptions. IEEE Trans. Industrial Informatics. Vol. 10, № 3, 2014, pp. 1829-1840.
Shanmugavadivu R., Nagarajan N. «Network Intru-sion Detection System Using Fuzzy Logic», Indian Journal of Computer Science and Engineering (IJCSE), Vol. 2, No. 1, pp. 101-111, 2011.
Linda O., Vollmer T., Wright J., Manic M. «Fuzzy Logic Based Anomaly Detection for Embedded Net-work Security Cyber Sensor», in Proc. IEEE Sympo-sium Series on Computational Intelligence, Paris, France, April, 2011, pp. 202-209.
Bridges S.M., Vaughn R.B. «Fuzzy data mining and genetic algorithms applied to intrusion detection». In: Proceedings of the 23rd National Information Sys-tems Security Conference. October 2000, pp. 13-31.
Shahaboddin Shamshirband, Nor Badrul Anuar, Miss Laiha, Mat Kiah, Sanjay Misra «Anomaly Detection using Fuzzy Q-learning Algorithm» Acta Polytechnica Hungarica. Vol. 11, № 8, 2014, pp. 5-28.
John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson «Fuzzy Intrusion Detection» IFSA World Congress and 20th NAFIPS International Con-ference, 2001. Joint 9th. Vol. 3, pp. 1506-1510.
Chi-Ho Tsang, Sam Kwong, Hanli Wang « Genetic-Fuzzy Rule Mining Approach and Evaluation of Fea-ture Selection Techniques for Anomaly Intrusion De-tection » Pattern Recognition, Vol. 40, №. 9, Sept. 2007, pp. 2373-2391.
Zadeh L.A. «Outline of a New Approach to the Anal-ysis of Complex Systems and Decision Processes» IEEE Transactions on Systems, Man, and Cybernet-ics, Vol. SMC-3, №. 1, January 1973, рр. 28-44.
Gómez J., González F., Dasgupta D. «An Immuno-Fuzzy Approach to Anomaly Detection» The 12th IEEE International Conference on Fuzzy Systems, FUZZ-IEEE 25-28 May 2003, рр. 1219-1224.
A Fuzzy Approach For Detecting Anomalous Behav-iour in E-mail Traffic [Electronic resource] / Mark JynHuey Lim, Michael Negnevitsky, Jacky Hartnett // About Research Online @ ECU. – Electronic data. – Perth Western Australia] : Edith Cowan University, 2006. – Mode of access: World Wide Web. – URL: http://ro.ecu.edu.au/adf/29/. – Title from title screen. – Description based on home page (viewed on May 26, 2015).
Корченко А.А. Модель эвристических правил на логико-лингвистических связках для обнаружения аномалий в компьютерных системах / А.А. Корченко // Захист інформації. – 2012. – № 4 (57). – С. 112-118.
Стасюк А.И. Базовая модель параметров для построения систем выявления атак / А.И. Стасюк, А.А. Корченко // Захист інформації. – 2012. – № 2 (55). – С. 47-51.
Модели эталонов лингвистических переменных для систем выявления атак / М.Г. Луцкий, А.А. Корченко, А.В. Гавриленко, А.А Охрименко // Захист інформації. – 2012. – № 2 (55). – С. 71-78.
Стасюк А.И. Метод выявления аномалий порожденных кибератаками в компьютерных сетях / А.И. Стасюк, А.А. Корченко // Захист інформації. – 2012. – №4 (57). – С. 129-134.
Корченко А.А. Метод формирования лингвистических эталонов для систем выявления вторжений / А.А. Корченко // Захист інформації. – Т.16, №1. – 2014. – С. 5-12.
Корченко А.А. Метод фаззификации параметров на лингвистических эталонах для систем выявления кибератак / А.А. Корченко // Безпека інформації. – 2014. – № 1 (20). – С. 21-28.
Корченко А.А. Метод α-уровневой номинализации нечетких чисел для систем обнаружения вторжений / А.А. Корченко // Захист інформації. – Т.16, №4. – 2014. – С. 292-304.
Корченко А.А. Метод определения идентифицирующих термов для систем обнаружения вторжений / А.А. Корченко // Безпека інформації. – Т.20, № 3. – 2014. – С. 217-223.
Корченко А.А. Система выявления аномального состояния в компьютерных сетях / А.А. Корченко // Безпека інформації. – 2012. – № 2 (18). – С. 80-84.
Корченко А.А. Система формирования нечетких эталонов сетевых параметров / А.А. Корченко // Захист інформації. – 2013. – Т.15, №3. – С. 240-246.
Корченко А.А. Система формирования эвристи-ческих правил для оценивания сетевой активности / А.А. Корченко // Захист інформації. – 2013. – №4. Т.15. – С. 353-359.
Корченко А.Г. Построение систем защиты ин-формации на нечетких множествах [Текст] : Теория и практические решения / А.Г. Корченко. – К. : МК-Пресс, 2006. – 320 с.
Anna Korchenko, Kornel Warwas, Aleksandra Kłos-Witkowska. The Tupel Model of Basic Components' Set Formation for Cyberattacks // Proceedings of the 2015 IEEE 8th International Conference on «Intelli-gent Data Acquisition and Advanced Computing Sys-tems: Technology and Applications» (IDAACS’2015), Warsaw, Poland, September 24-26, 2015: Vol. 1. – pp. 478-483.
Downloads
Published
Issue
Section
License
Authors who publish with this journal agree to the following terms:- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
