Abstract
An Intrusion Detection System (IDS) detects ongoing intrusive activities in information systems. However, an IDS usually suffers from a high false alarm rate, especially in a dynamically changing environment, which forces continuous tuning of its detection model to maintain sufficient performance. Currently, manual tuning depends greatly on the user to work out and integrate the tuning solution. We have developed an automatically tuning intrusion detection system (ATIDS). The experimental results show that when tuning is not delayed too long, the system can achieve about 20% improvement compared with the system without the model tuner. However, the user can only control whether tuning is performed, by sending or blocking feedback. To give the user more powerful yet intuitive control over the tuning, we develop a fuzzy model tuner, through which the user can tune the model fuzzily yet obtain much more appropriate tuning. The results show the system can achieve about 23% improvement.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yu, Z., Tsai, J.J.P. (2006). Fuzzy Model Tuning for Intrusion Detection Systems. In: Yang, L.T., Jin, H., Ma, J., Ungerer, T. (eds) Autonomic and Trusted Computing. ATC 2006. Lecture Notes in Computer Science, vol 4158. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11839569_19
DOI: https://doi.org/10.1007/11839569_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38619-3
Online ISBN: 978-3-540-38622-3
eBook Packages: Computer Science (R0)