Detection of attacks in the corporate network using the rules of fuzzy logic

Authors

  • Сергій Васильович Толюпа Kyiv National University named after Taras Shevchenko
  • Роман Сергійович Одарченко National Aviation University
  • Іван Іванович Пархоменко Kyiv National University named after Taras Shevchenko
  • Сергій Юрійович Даков Kyiv National University named after Taras Shevchenko

DOI:

https://doi.org/10.18372/2310-5461.48.15125

Keywords:

information security, intrusion, corporate network, data mining, fuzzy logic, fuzzy system

Abstract

The problem of identifying possible attacks on corporate network resources is considered. An analysis of approaches to the detection of information security violations using fuzzy set theory is performed. It is shown that, in order to increase the efficiency of detecting situations related to a possible intrusion, it is necessary to use modern technologies of intelligent analysis based on the rules and methods of fuzzy logic. A block diagram of a fuzzy system for detecting abnormal traffic in a network segment is proposed. In the expert system, the knowledge of experts is formalized as a set of rules that allow decisions to be made in difficult situations. The analyst (knowledge engineer) structures the knowledge of experts in the form of a knowledge base. The rule-based expert system consists of a knowledge base, an inference mechanism, a result explanation unit and a user interface. For a particular corporate network there are characteristic traffic parameters that can be determined by accumulating statistical information on network behavior over any period of operation. The most important step in the procedure of fuzzy system synthesis is the selection and compilation of rules, or, in other words, the synthesis of the table of linguistic rules of the system. The linguistic rules of the system are compiled heuristically by the developer, who is well informed about the technological features of the object. When an analytical description of the object is available, machine modeling of the developed system is performed with iterative correction of the linguistic rules. In the absence of an analytical description of the object, the rules are adjusted immediately after implementation of the system. According to the scheme, the analyzer performs diagnostics and filtering of the input data, and the fuzzifier translates the corresponding data from numerical to linguistic form. The classifier analyzes the received input information and determines the relevant situation in the knowledge base, activating certain production rules. The defuzzifier translates from linguistic to numerical form and generates the corresponding rule.
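As an added illustration (not code from the paper), a toy Python version of the pipeline the abstract describes: the fuzzifier maps two traffic parameters to linguistic terms, the classifier fires production rules from a hand-compiled rule table (fuzzy AND as min), and the defuzzifier returns a crisp anomaly level plus the list of fired rules as the explanation. The parameters `pps_ratio` (observed packets/s over the baseline mean accumulated for the segment) and `syn_ratio`, the membership bounds and the rule table are assumptions.

```python
"""Toy fuzzy rule-based anomaly scorer: fuzzifier -> classifier -> defuzzifier.
Constructed example; membership bounds, parameters and rules are illustrative."""
import math

def trap(x, a, b, c, d):
    """Trapezoidal membership: 0 below a, rises to 1 on [b, c], falls to 0 at d."""
    if b <= x <= c:
        return 1.0
    if x <= a or x >= d:
        return 0.0
    return (x - a) / (b - a) if x < b else (d - x) / (d - c)

# Linguistic terms per traffic parameter (assumed bounds; open-ended shoulders).
INF = math.inf
TERMS = {
    "pps_ratio": {"low": (-INF, -INF, 1, 2), "medium": (1, 2, 3, 4),
                  "high": (3, 4, INF, INF)},
    "syn_ratio": {"low": (-INF, -INF, 0.1, 0.3), "medium": (0.1, 0.3, 0.5, 0.7),
                  "high": (0.5, 0.7, INF, INF)},
}
# Table of linguistic rules compiled by hand: antecedent terms -> anomaly term.
RULES = [
    ({"pps_ratio": "high", "syn_ratio": "high"}, "high"),
    ({"pps_ratio": "high", "syn_ratio": "medium"}, "high"),
    ({"pps_ratio": "high", "syn_ratio": "low"}, "medium"),
    ({"pps_ratio": "medium", "syn_ratio": "high"}, "medium"),
    ({"pps_ratio": "medium", "syn_ratio": "medium"}, "medium"),
    ({"pps_ratio": "medium", "syn_ratio": "low"}, "low"),
    ({"pps_ratio": "low"}, "low"),
]
# Zero-order Sugeno consequents: each output term is a crisp anomaly level.
OUTPUT = {"low": 0.1, "medium": 0.5, "high": 0.9}

def fuzzify(sample):
    """Numeric -> linguistic: degree of membership in every term of every parameter."""
    return {p: {t: trap(sample[p], *mf) for t, mf in terms.items()}
            for p, terms in TERMS.items()}

def classify(degrees):
    """Activate production rules; strength = min over antecedent terms (fuzzy AND)."""
    fired = []
    for antecedent, consequent in RULES:
        strength = min(degrees[p][t] for p, t in antecedent.items())
        if strength > 0:
            fired.append((antecedent, consequent, strength))
    return fired

def defuzzify(fired):
    """Linguistic -> numeric: weighted average of the fired rules' crisp consequents."""
    total = sum(s for _, _, s in fired)
    return sum(s * OUTPUT[c] for _, c, s in fired) / total if total else 0.0

def anomaly_score(sample):
    """Full pipeline; returns (score in [0, 1], fired rules as the explanation)."""
    fired = classify(fuzzify(sample))
    return defuzzify(fired), fired
```

A score near 0.9 with a single fired rule reads as a clear flood, while an input on the boundaries between terms (for example `pps_ratio` 3.5, `syn_ratio` 0.2) fires several rules at half strength and lands in the middle, which is the graceful degradation the fuzzy approach is meant to give over hard thresholds.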

Author Biographies

Сергій Васильович Толюпа, Kyiv National University named after Taras Shevchenko

doctor of technical sciences, professor

Роман Сергійович Одарченко, National Aviation University

doctor of technical sciences, associate professor

Іван Іванович Пархоменко, Kyiv National University named after Taras Shevchenko

candidate of technical sciences, associate professor

Сергій Юрійович Даков, Kyiv National University named after Taras Shevchenko

candidate of technical sciences


Section

Electronics, telecommunications and radio engineering