• DocumentCode
    255167
  • Title
    A fuzzy Intrusion Detection System based on categorization of attacks
  • Author
    Varshovi, A. ; Rostamipour, M. ; Sadeghiyan, B.
  • Author_Institution
    Dept. of Comput. Eng. & Inf. Technol., Amirkabir Univ. of Technol., Tehran, Iran
  • fYear
    2014
  • fDate
    27-29 May 2014
  • Firstpage
    50
  • Lastpage
    55
  • Abstract
    Intrusion Detection Systems (IDS) play a key role in the defence against a variety of cyber attacks in computer systems and network environments. However, modern DoS attacks that blend normal and malicious network traffic significantly increase the rate of false alarms and hence challenge the effectiveness of IDS. In this paper, we propose a fuzzy IDS to address the uncertainty problem in distinguishing between normal and malicious network traffic. The proposed fuzzy detection engine implements a taxonomy of DoS attacks in a decision-tree structure, combining expert knowledge and machine intelligence. Introducing fuzziness into misuse patterns makes it possible to focus on categories of attacks rather than on crisp attack thresholds, which are easily bypassed by slight variations in attack methods. On the other hand, our approach differs from anomaly detection, since our defined categories are more detailed than just normal and abnormal. The proposed system is tested experimentally against the KDD Cup 99 intrusion detection dataset. Compared with other related works, our system exhibited a detection rate of 99.91% against DoS flooding attacks while producing only around 1600 false alarms in more than 5 million test sessions, using only a reduced number of features.
  • Keywords
    computer network security; decision trees; fuzzy set theory; telecommunication traffic; DoS flooding attacks; KDD Cup 99 intrusion detection dataset; attacks categorization; computer systems; cyber attacks; decision-tree structure; expert knowledge; fuzzy IDS; fuzzy detection engine; fuzzy intrusion detection system; machine intelligence; malicious network traffic; misuse patterns; modern DoS attacks; network environments; normal network traffic; uncertainty problem; Protocols; Taxonomy; Classification; Denial of Service; Fuzzy Intrusion Detection; Network Security; Taxonomy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information and Knowledge Technology (IKT), 2014 6th Conference on
  • Conference_Location
    Shahrood
  • Print_ISBN
    978-1-4799-5658-6
  • Type
    conf
  • DOI
    10.1109/IKT.2014.7030332
  • Filename
    7030332